We take your privacy seriously, and that’s why we want you to know exactly how your information will be shared amongst our different businesses and when we need to share it with a third party.
We respect the privacy of all customers, third parties, suppliers and visitors (you, your) and are committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles and the Privacy (Credit Reporting) Code 2014 (Credit Reporting Code).
The Doorsteps Group includes OpenAgent Pty Ltd ABN 93 161 595 679 (OpenAgent), OA Real Estate Pty Ltd ABN 41 164 368 843 (OA Real Estate), Doorsteps Finance Pty Ltd ABN 27 648 541 879 (Doorsteps Finance) and Doorsteps Solutions Pty Ltd ABN 60 654 334 246 Australian Credit Licence Number 537369 (Doorsteps Solutions). OA Real Estate, Doorsteps Finance and Doorsteps Solutions are OpenAgent’s wholly owned subsidiaries. This Privacy Policy governs the collection, use and disclosure of your personal information to any member of the Doorsteps Group (collectively referred to as “Doorsteps”, “us”, “we” and “our”).
This Privacy Policy (Privacy Policy) applies to all personal information collected by Doorsteps, or submitted to us, whether offline or online, including information collected in connection with the use of our products and services, as well as information submitted by you through our website, platforms and any mobile sites (Websites), or through our official social media pages that we control (our Social Media Pages) as well as through HTML-formatted email messages that we send to you (collectively, the “Sites”).
This Privacy Policy describes how we deal with information we collect and demonstrates our commitment to the protection of your privacy. By registering to use our platform or applying for a product or any other service we provide, visiting the Sites and otherwise providing personal information to us, you are accepting and consenting to the practices described in this Privacy Policy. If you do not agree with any of the terms of this Privacy Policy, please do not use the Sites or submit any personal information to us.
The Privacy Act defines personal information as information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not (personal information). The personal information we hold about you may include credit-related information.
Credit-related information includes both:
We use your credit-related information to assess your eligibility to be provided with any credit. Credit-related information is typically exchanged between credit and finance providers and credit reporting bodies. We strongly recommend you read the ‘Notifiable Matters’ section of this privacy policy before providing us with credit-related information.
Where you have made an application for consumer credit, we are required under the Credit Reporting Code to ensure that you are aware of certain matters, such as how we exchange your credit-related information with credit reporting bodies.
Please see ‘Types of Personal Information” below for the types of personal and credit-related information we may collect, hold and use.
We will exchange this information with a credit reporting body to confirm your identity, assess your credit worthiness, assess and manage your application for products and services. Details of these matters can be viewed on our Websites and are also set out in the ‘privacy consent and electronic authorisation’ we will ask you to agree to at the time you apply for consumer credit. You may request to have these notifiable matters (and this privacy policy) provided to you in an alternative form, such as a hard copy.
If you apply for a credit product, we will also use and collect your credit-related information for the purpose of assessing your application for credit, and to manage the credit product. Doorsteps will also share your personal and credit-related information with credit reporting bodies. We will also collect your credit-related information from credit reporting bodies.
We use the following credit reporting bodies:
Please see their privacy policies and contact details available on their website.
We primarily collect personal information from you for the purposes of dealing with you and in assisting us to arrange for the products and services you request to be provided to you. We may also collect your personal information for the purposes of direct marketing and managing our relationship with you. This may also entail collecting credit-related information where you decide to apply for credit through Doorsteps.
Most of the time, we will collect your personal information directly from you. From time to time, we may also collect information about you from other people and organisations. This includes through credit representatives and financial advisers, when engaging directly with you, from our website as well as from competitions and promotions to which you choose to respond.
We collect personal information;
We also hold all records of your communications and other interactions with us. This may include monitoring and recording our calls with you but we will let you know if we are doing this.
If you would like to understand what information in particular we hold on you, please contact us on privacy@doorsteps.com.au.
We may:
The provision of your personal information is voluntary. However, if you cannot, or will not, provide us with the personal or credit-related information we reasonably require, we may not be able to verify your identify, assess your application for a product or service, manage our relationship with you, contact you or otherwise interact with you, perform our statutory functions, or provide you with some or all of our products and other services.
We use your personal information to assist us as follows:
We may share your information with third parties for the reasons mentioned above (see “How We Use Your Personal Information”), or where the law otherwise allows or requires us to. The types of third parties are listed below (under “Disclosing Personal Information”).
We will disclose your personal information to those third parties only where such disclosure is for the purposes required. We will disclose your personal information when we are required by law to do so. Your personal information may also be disclosed to some of our service providers who are located overseas, including but not limited to the USA, Indonesia and the Philippines. These service providers help us deliver or support the provision of our products and services to you. In carrying out tasks on our behalf, service providers may have access to credit-related information. If we share information overseas, we make sure there are appropriate privacy, data handling and security arrangements in place to protect your information. We may use cloud storage to store your personal information that we hold. You can contact us for further information on the disclosure of your personal information at any time.
From time to time, we may also use your personal information to tell you about products and services we think may be of interest and value to you. This may include new or current information about products and services, loans, special offers, changes to Doorsteps or any business with which we are associated. We do not sell your personal information for direct marketing.
We will contact you via various means, including but not limited to, email, text or push notification and depending on your account or operating system settings. You have the right to opt out of receiving direct marketing at any time. If at any time you wish to stop receiving direct marketing messages from us you can let us know by contacting us. In your request, please indicate that you wish to stop receiving marketing communications from us
Individuals may request access to their personal and credit-related information unless we are permitted by law to withhold that information. Individuals may also request the correction of any personal information which is inaccurate by contacting our Privacy Officer at privacy@doorsteps.com.au. To the extent permitted by law, there are some exceptions where this access may be denied. If we deny you access to the personal or credit-related information we hold about you, or if we refuse to correct your personal or credit-related information, an explanation will be provided to you. To request access and seek the correction of personal information held by us, please email, call or write to us. We will endeavour to respond to any access or correction request within 7 working days of receipt.
If you would like any further information about our handling of personal information, or to make a complaint about our handling of your personal information, or you believe there has been a breach by us of the Privacy Act or the credit reporting provisions of the Credit Reporting Code, please lodge a complaint addressed to our Privacy Officer at privacy@doorsteps.com.au. Once we receive your complaint, we will respond to you within 7 working days. We will provide you with a decision on your complaint within 30 days.
If you are unsatisfied with the outcome of your complaint, you may wish to take your complaint to the Australian Financial Complaints Authority, which can be contacted by phone on 1800 931 678, by email at info@afca.org.au, or in writing to GPO Box 3, Melbourne VIC 3001. Please email privacy@doorsteps.com.au if you need to obtain our AFCA membership details or if you need further assistance in this regard.
You can also contact the Office of the Australian Information Commissioner (OAIC). The OIAC can be contacted by phone: 1300 363 992. Website: www.oaic.gov.au
The Notifiable Data Breaches (NDB) scheme applies to eligible data breaches that occur on or after 22 February 2018. It mandates a reporting and notification process for Doorsteps.The OAIC administers the NDB scheme.
If there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that Doorsteps holds;
then we are required to notify the OAIC about the incident.
The NDB scheme ensures that as an organisation, we are accountable for your privacy protection. The notification process is important for building a relationship of trust and transparency. In addition, by keeping you notified, you’re better able to take steps to mitigate harm, such as changing passwords or being alert to phishing emails or scams. In the interim, Doorsteps would also be taking steps to remediate the breach and will keep you advised on our progress, including the security measures being undertaken.
Please contact us on the details provided if you have any questions about this.
By Post: PO Box 419, Alexandria NSW 1435
By Email: privacy@doorsteps.com.au
We will collect information using cookies when you use our Sites, including any mobile or tablet applications. These cookies will tell us about your visit to our Sites and help us to remember you, allowing us to create a customised experience for your next visit. For example, marketing cookies help us to determine which of the services may be of interest and value to you and then tell you about them. We also use cookies for other purposes. For example, to better understand behaviours and habits, as well as diagnosing problems and making improvements to our products and services. We may also use cookie information to display targeted advertisements or content on our network and on our Sites and also on third party networks and websites, including Google and Facebook.
Google Analytics uses cookies to analyse your use of our Sites. The information generated by the cookie is usually sent to and stored overseas by Google. The types of information generated by the cookie include your location, search history and data from sites that partner with Google. We use the information provided through Google Analytics to understand and evaluate your use of our website, compile reports about activity and provide other services relevant to optimising your use of the Sites.
We also use Google Signals. This allows us to assign and track the customer journey of an individual website visitor to different end devices. For example, we can see when a user clicks on an Doorsteps advertisement on one device and then registers for our services on another device. However, we can only see this if the user has logged in to a Google service when visiting a website and has activated the option “personalised advertising” in their Google account settings at the same time. If you do not want “Google Signals” to be used, you can disable the “Ads Personalisation” option in your Google Account preferences. No personal data or user profiles are accessible to us; this means you remain anonymous to us.
For more information, please see Google’s Privacy Policy which is available here.
From time to time, we may collect, use and disclose de-identified data. De-identified data is data which has had all personally identifiable information removed or anonymised. This means that you can no longer be identified, nor can any other individual in that data-set. When we no longer need your personal information for any of the purposes set out in this Privacy Policy, or as otherwise required by law, we will take reasonable steps to destroy it or to de-identify it. We will use de-identified data for research and commercial purposes, such as creating reports and insights.
For example, we will use and share historical and current de-identified user and transactional data to develop marketing initiatives and product offerings. Those understandings, whether developed internally or in connection with an external partner may also be provided to our selected business and commercial partners from time to time. If you have any concerns or questions about our approach to, or use of, de-identified data, please let us know.
This refers to the use and disclosure of government related identifiers. For example, your tax file number and country of tax residency, medicare card, Australian passport, driver licence or pension card details , citizenship and birth certificate, death and marriage certificates etc.
We do not adopt a government related identifier of an individual as our own identifier unless required or authorised to do so by or under an Australian law, regulation or court/tribunal order. Before using or disclosing a government related identifier of an individual, we ensure that such use or disclosure is:
From time to time, you may send an application to us via an online form. We may use that information to correspond with you directly and to determine the suitability of any products and services. If you start but do not submit an online application, we may contact you using any of the contact details you have supplied to offer help completing it.
We may in some cases use automated decision-making. We will only do so if it is authorised by law, if you have provided an explicit consent, or if it is necessary for the performance of a contract. For example, we may use an automated credit approval process. You may request that we use a manual decision-making process instead. You can also express an opinion on or contest any decision which was based solely on automated processing or profiling. If we are using automated decision-making, we will let you know about the logic used, our legal basis, and the significance and envisaged consequences.
We reserve the right to modify this Privacy Policy at any time by publishing an updated version of this Privacy Policy on our Sites and taking any further action as required by law, after which, your continued use of the Sites or your provision of any further personal information will indicate your acknowledgement to the modified terms of this Privacy Policy. This Privacy Policy was last updated on 26 July 2022.