Last updated 27 February 2023
CCM is committed to protecting your Personal Information. CCM complies with the Privacy Act 1988 (cth) (Privacy Act) Privacy (Credit Reporting) Code 2014 (Version 2.2) (Credit Reporting Code) and regulations thereunder (together, the Privacy Laws) in the collection, storage, transfer, processing, retention and deletion of the Personal Information that we collect from users of our services (you, your).
CCM acts in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act. The APs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. You can view the APPs on the website of The Office of the Australian Information Commissioner at https://www.oaic.gov.au.
We will also handle your Credit-related information in accordance with Part IIIA of the Privacy Act and the Credit Reporting Code.
'Personal Information' is information or an opinion about an identified individual, or an individual who is reasonably identifiable:
'Credit-related Information' is a type of personal information that includes the following:
We only collect Personal Information to the extent that it is reasonably necessary for one or more of our functions or activities. Examples of the Personal Information that we may collect include:
This Personal Information is obtained in many ways including from our third party providers and public searches, interviews, correspondence, by telephone, by email, via our website, from media and publications, from social media, from other publicly available sources, from cookies and from third parties.
When you use our services or visit our website we may automatically collect information about your computer hardware and software, including your IP address, browser type, domain names, internet service provider, the files viewed on our site (e.g. HTML pages, graphics, etc.), operating system, clickstream data, access times and referring website addresses. This information is used by CCM to provide general statistics regarding use of our website. For these purposes, we may link this automatically-collected data to Personal Information such as name and email address.
We do not collect Sensitive Information about you (as defined in the Privacy Act), unless you provide it to us voluntarily, or consent to its collection. 'Sensitive Information' includes information or opinion about an individual's racial or ethnic origin, political opinion, religious beliefs, sexual orientation or criminal record, as well as health information and certain genetic and biometric information, provided that the information or opinion otherwise meets the definition of Personal Information. In some cases, certain Sensitive Information may be requested as part of a job application, or your role as our contractor or employee (such as vaccination information).
You consent to us collecting Sensitive Information which you provide to us voluntarily, for the purposes that information was collected. If we need to collect any Sensitive Information for a specific purpose, we will ask for your specific consent and only use or disclose that information for the purposes it was collected, or as otherwise permitted under the Privacy Act.
If someone other than you provides us with Personal Information about your that we did not ask for, or you provide us with unsolicited Personal Information, we will only hold, use or disclose this information if we determine that we could have collected this information from you had we asked for it, in this circumstance, we will take all reasonable steps to notify you of the collection of that information. If we could not have collected this Personal Information, we will de-identify or destroy that Personal Information as required by law.
We hold your Personal Information in different ways, including in paper and electronic form. All Personal Information that we collect is protected using appropriate physical, technical and organisational measures and is restricted to our authorised staff on a strict need-to-know bases. We take reasonable steps to secure the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. In appropriate cases, we require our external service providers with access to Personal Information to sign data processing agreements or similar agreements that require them to take the necessary and reasonable steps to protect the Personal Information provided to them.
Despite these reasonable steps, no security system is impenetrable and, due to the inherent nature of the internet, we cannot guarantee that information, during transmission through the internet or while stored on our systems or otherwise, will be absoloutely safe from unauthorised access by others.
Our use of your Personal Information will depend on our relationship with you, the circumstances of collection and the types of products and services you request from us. Groups of individuals that we collect information about may include the general public who visit our website, our customers, contractors, job applicants and business contacts of our service providers.
We may use and disclose your Personal Information for the primary purpose for which we have collected that information, for related secondary purposes within your reasonable expectations, where permitted under the Privacy Act and where otherwise required or authorised by law, including under the Privacy Act.
If we act as an agent for a credit provider, we require Credit-related information to assess your credit, or guarantor, application or the credit application of a company of which you are a director, to source a suitable credit provider and any required insurances and to manage the application process, where required.
We may disclose Personal Information in accordance with the applicable law and for the purposes described above, including to third parties such as our contactors, suppliers, agents and service providers who help us deliver, administer and support our products and services, including for the purposes set out under paragraph 6, and for:
We engage other entities to provide services to our customers and other users and may need to share your Personal Information with them to provide information, products or services to you. Examples may include analysing data or performing statistical analysis, supplementing the information you provide us in order to provide you with better products or services and providing support. In all cases where we share your Personal Information with such entities, we explicitly require them to acknowledge and adhere to our privacy and data handling policies.
Some of the key third party service providers we use include financing services, payment processors, email marketing and messaging, identity verification, support, e-signing and other services. We may update or change the service providers that we use from time to time and will continue to take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your Personal Information. In some instances, you will be asked to provide information directly to these providers, in those cases Personal Information will be handled in accordance with the third party service provider's terms and conditions and privacy policies.
If our business is acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information (including Personal Information) held by CCM that has been gathered by use of our services or through the use of our website. If this information includes your Personal Information, you will be notified via email or a prominent notice on our website, of any such change in ownership, the uses of your Personal Information, and choices you may have regarding your Personal Information.
We represent the Secretary of the Victorian Department of Transport in collecting and providing it with information about individuals which is required to register vehicles, including the individual's name and address. If you would like to contact the Department, please see the latest contact details on its website here.
We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.
Under the Privacy Laws, you have certain rights in relation to the Personal Information that you provide us including:
To exercise any of these rights, please contact us using the contact details in Section 21 below. We will respond to your request to access or correct your information within a reasonable timeframe and notify you of the action we have taken.
There may be instances where we cannot grant you access to the Personal Information and Credit-related information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others, or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal. There is no change for requesting access to your Personal Information but we may require you to meet our reasonable costs in actually providing you with access.
We will take all reasonable steps to ensure that the Personal Information and Credit-related information we collect, use or disclose is accurate, complete and up-to-date, and we will try to confirm your details through our communications with you and promptly add updated or new Personal Information to existing records when we are advised. However, we rely on the accuracy of Personal Information as provided to us both directly and indirectly. If you believe we are holding Personal Information about you that is inaccurate, incomplete, irrelevant or misleading, you can ask us to correct it, or delete it altogether. We will respond to your request within a reasonable period and if we do not consider that your Personal Information needs correcting, we will provide reasons for the refusal and information about how you can complain about the refusal.
We retain Personal Information and Credit-related information that you provide to us where we have an existing purpose to do so (for example, as needed to comply with our legal obligations, resolve disputes and enforce our agreements).
When we have no ongoing purpose to hold your Personal Information and Credit-related information, we take reasonable steps to securely delete the information or anonymise it or, if this is not possible, securely store your Personal Information and Credit-related information and isolate it from any further processing until deletion is possible.
If you have elected to receive marketing communications from us, we retain Personal Information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products, or services, such as when you last opened an email from us or ceased using your CCM account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
We may offer publicly accessible blogs. Please keep in mind that if you directly disclose any information through our public blogs, this information may be collected and used by others. We will correct or delete any information you have posted on our website if you so request, as described below.
We may, from time to time, send direct marketing communications to you via email, telephone, SMS and push notifications about our activities and services and other material that we consider you would find interesting or useful. We may continue sending these direct marketing communications after you cease using our services, for example in relation to warranties or after-sale services. These communications will be sent in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth). If you do not wish to receive such direct marketing communications, you can always opt out. If you are receiving email communications from us, there will be a mechanism to opt out contained in each of those emails. To stop receiving other communications from us, you can contact us via any of the channels listed below.
If you choose to opt out of direct marketing communications, please note that CCM may still contact you and your employees for other reasonable purposes, including information that CCM is legally required to send, notifications of changes to CCM services or policies and information regarding the use, rights, benefits or obligations of users of our services.
We do not use Sensitive Information for direct marketing and we do not provide your Personal Information to other organisations for the purposes of direct marketing.
As part of providing our services to you, we may undertake tasks for a credit provider which are reasonably necessary to manage the application process. When doing so, we are acting as agent for the credit provider, with the same privacy law requirements applying to both of us.
We may submit your application to one or more credit providers.
A credit provider, to whom we submit an application, may disclose information about you to, and collect information about you from, one or more credit reporting bodies.
If you are late in repaying consumer credit you have obtained or you commit a serious credit infringement, the credit provider may disclose that information to a credit reporting body.
Each credit provider's website includes information on how to contact it and how to obtain a copy of its privacy documents in a form that suits you (e.g., hardcopy or email).
In addition to your rights under paragraph 9, you also have the rights to:
The credit reporting bodies we deal with are listed in Section 17 below.
The contact details for the credit reporting bodies we may deal with are listed below.
The credit reporting bodies may share the information provided to it by us (or by the relevant credit provider), to other credit providers to assess your creditworthiness.
In respect of complaints relating to potential breaches of Part IIIA or the Credit Reporting Code, we will acknowledge your complaint within 7 days. We will investigate your complaint and where necessary, will consult with other credit providers or credit reporting bodies. We will notify you of a decision within 30 days or longer where agreed with you in writing.