Privacy Statement and Privacy Policy

Updated as of 17 July 2024.

This Privacy Statement applies to each company in the Shift Group including ACS Australia Holdings Pty Ltd (ACN 655 692 176) and Shift Financial Pty Ltd (ACN 149 390 625) and its related bodies corporate (together "Shift").

Shift is bound by the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles. We collect and hold your personal information, such as your name, identity details, contact details, device details and records of our dealings with you. We collect this information which is reasonably necessary for the purpose of following up your enquiries, providing loans and identifying you.

If you are a non-Australian resident, you authorise the document issuer including your mobile carrier to disclose your mobile account details for the purpose of verifying your identity. Those details may include your name, address, and device details.

We may use your personal information in order to provide you with information about products and services that may be of interest to you. You can elect to unsubscribe to receiving our communications at any time using the contact details set in our Privacy Policy at www.shift.com.au/privacy-policy.

Our Privacy Policy sets out our approach to managing your personal information. It explains how you may seek to access and/or correct the personal information that we hold about you, as well as how to make a complaint about a breach of our obligations under the Privacy Act, and how we will deal with complaints. You can access our Privacy Policy at www.shift.com.au/privacy-policy.

Updated as of 17 July 2024.

This Privacy Policy applies to each company in the Shift Group including ACS Australia Holdings Pty Ltd (ACN 655 692 176) and Shift Financial Pty Ltd (ACN 149 390 625) and its related bodies corporate (together "Shift").

Contact details: Please contact us on disputeresolution@shift.com.au or 1300 249 649.

Shift (“we”, “us”, “our”) is bound by the Australian Privacy Principles in the Privacy Act 1988 (Cth). We understand the importance of, and are committed to, protecting your personal information. This Privacy Policy:

• explains how we collect, use and store your personal information; and
• outlines our obligations and your rights in respect of our dealings with your personal information.

We know that the way we collect, use and store your personal information is important to you, and we value your trust. This Privacy Policy explains how we manage your personal information and includes our approach on handling credit reports and other credit-related information.

“Personal information” is any information or an opinion, whether true or not, that could identify you or be used to establish your identity. We collect and hold personal information that is reasonably necessary to assess your loan application and/or manage your loan after it is approved and funded. This may include, but is not limited to, some of the following information:

• Your name and date of birth;
• Your contact details including your residential and business address, email address and telephone/mobile numbers;
• Your employment details, employment history and salary information;
• Driver’s licence and passport;
• Credit Card, Debit Card or bank account details;
• Financial information (your information or that of your business) such as income, expenses, financial assets and liabilities; and
• Citizenship and residential status.

We do not collect sensitive information such as your race, religion, criminal records and medical history.

The primary purpose for collecting your personal information is so that we can decide whether to provide your organisation with a loan.

We also collect and use your personal information to enable us to:

• personalise our customer service given the specific needs of your business;
• respond to your queries, requests for information about the services we offer and to resolve any complaints;
• assess your current and future loan applications, including by reviewing any previous loan applications you may have made, and the reasons for granting or rejecting those applications;
• manage your loan or facility on an ongoing basis and provide you related services;
• inform you of other financial products which may meet the needs and requirements of your business;
• meet our legal and regulatory obligations (e.g. to verify your identity); and
• carry out our internal operations, such as record keeping, training and auditing.

You also have the right to refuse to provide us with personal information. However, this may mean that we are unable to offer you a loan or allow you to participate in marketing activities that depend on the collection of that information.

Most of the personal information we collect will be directly from you. We gather this information either through application forms or other forms that you complete and submit to us (in writing and digitally) and by recording the information you provide via phone calls and interviews.

However, personal information may also be sourced as follows:

• collected on an aggregate basis as you and others browse our website. If you choose to correspond through e-mail, we may retain the content of your e-mail messages together with your e-mail address and all responses sent through our website;
• from the data contained in your bank statements or transaction data which includes your and your organisation’s financial transactions with third parties;
• from third parties you may obtain services from that you have consented to sharing information with us;
• from service providers, agents, advisers, brokers and credit bureaus;
• from documentation you have provided to enable us to validate representations made by you. This may include; your driving license, passport, Medicare card, bank account details, as well as organisation details (such as name, ABN and address); and
• from information about you and your organisation from public sources and other organisations with whom we deal.

You should also be aware that when you visit our website or apply for a loan, we collect information sent to us by your computer, mobile phone or other access device. The information sent to us includes data on the pages you access, your computer IP address, device identifiers, the type of operating system you are using, your location, mobile network information, standard web log data and other information.

In general, we use or disclose your personal information and other information you may provide to us to enable us to approve your loan application or to assist us to manage your loan or facility and provide you related services on an ongoing basis.

We may also disclose your personal information and other information you provide to us to other organisations, including: 

• other areas within Shift Financial that provide financial and other services;
• collection agencies and law firms to help us recover funds when you are in default of your obligations, as permitted by law; 
• specialist advisers, that we engage to provide us with services such as administrative activities, audit, financial, some of whom may contact you on our behalf;
• service providers that we use to offer our products and services to you such as software providers, identity verification services and payment verification providers;
• bank feed providers that retrieve your transaction data or account statements from other financial institutions and share them with us with your consent;
• credit reporting bureaus or reference agencies;
• anyone authorised by you or to whom you have provided your consent, including brokers, agents and advisers and other financial service providers that we may need to deal with on your behalf;
• persons involved in arrangements that provide funding to us, including investors, debt funders, advisers, trustees, debt purchasers and rating agencies;
• other financial services institutions which are enquiring about your loan conduct with us in order to make a credit decision in relation to your loan application with them;
• other financial services institutions and industry networks in order to detect, investigate or prevent actual or potential fraud in connection with the products or services that we may provide to you; and
• anyone to whom we, or our service providers, are required or authorised by law to disclose your personal information. For example, law enforcement agencies, and national and international government and regulatory authorities including but not limited to the Australian Taxation Office, the Australian Prudential Regulation Authority, the Australian Securities & Investments Commission and the Australian Transaction Reports & Analysis Centre.

We take all reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations with respect to the protection of your personal information.

If you do not wish us to provide your information to your broker or other agent, you must contact us by email.

Do we send your personal information overseas?

Your personal information may be disclosed to overseas recipients such as staff of our related bodies corporate in India who are involved in processing and managing your loan application.

When you apply for a commercial loan, we need to know if you will be able to make the repayments and meet any other terms and conditions. This means we obtain a credit report about you.

A credit report contains information about your history which helps credit providers assess credit applications.

If you apply for commercial credit with us, or propose to act as a guarantor, we may disclose your personal and/or credit information to, or collect personal and/or credit information about you (including consumer credit information), from credit reporting bodies. Information may include:

• your identification details;
• the type of loan you are requesting or have obtained;
• how much you are borrowing;
• if you have committed an act of dishonesty or fraud;
• credit limits and certain terms and conditions relating to credit arrangements;
• start and end dates of particular credit arrangements;
• repayment history information; and
• financial hardship information.

We may ask credit reporting bodies to use their information to vet you for direct marketing.

You can ask a credit reporting body not to do this. In addition, if you have or suspect you have been a victim of fraud, you can ask the credit reporting body not to use or disclose any information it holds about you.

The reporting body that we deal with is Equifax – www.equifax.com.au. To view their privacy policy, how your personal information is managed, and your rights, you can visit their website or contact them directly for further information.

You may request access to the personal information that we hold about you subject to any applicable laws. We ask that you clearly identify the type(s) of information you need when you make a request for your personal information.

You should be aware that your rights to access personal information are not absolute and in some cases, privacy laws do not permit us to grant you access to your personal information, such as in circumstances where the access may have an unreasonable impact on the privacy of others, providing access would be unlawful or where access may prejudice legal proceedings or enforcement action.

We will deal with your request for such access within a reasonable time. If we refuse access, we will provide you with a written notice which sets out the reasons (unless it would be unreasonable to do so) for the refusal and the relevant provisions of the Privacy Act 1998 (Cth) that we rely on to refuse access to your personal information.

We may recover reasonable costs in relation to a request for access to your personal information.

We take reasonable steps to ensure that the personal information we use or disclose is accurate, up-to-date, complete and relevant. Where we believe that the personal information we hold is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will take reasonable steps to correct that information.

You may also request that we correct your personal information by email at disputeresolution@shift.com.au or calling us on 1300 249 649.

We will deal with your request to correct your personal information within a reasonable time. If we do not agree with the corrections you have requested, we are not obliged to alter your personal information accordingly. However, where we refuse to correct any personal information as requested by you, we will give you a written notice which sets out the reasons for our refusal.

Your personal information will be stored in electronic databases. We take all reasonable steps to ensure that this personal information is protected from misuse, interference and loss and unauthorised access, modification or disclosure. We may use passwords, encryption and firewalls to protect your personal information from any misuse or inappropriate access.

This means that, in respect of our electronic files, we maintain secure electronic network systems. Although we cannot guarantee the security of information transmitted to us by you, we have taken reasonable steps and implemented measures to maintain the confidentiality of this information once received by us.

When we no longer require your personal information (including when we are no longer required by law to keep records relating to you), we ensure that the personal information is destroyed or de-identified.

Please notify us immediately if you become aware of any breach of security.

If you are seeking general information about our services and products but you do not wish to apply for a loan, you have the option to deal with us anonymously or by using pseudonym. However, if you wish to apply for a loan, you must provide us with the personal information which we require to verify your identity for Anti-Money Laundering / Counter Terrorism Financing purposes and to process your loan application.

In the event of any unauthorised access or unauthorised disclosure or loss of your personal information that is likely to result in serious harm to you, we will investigate the matter and notify you and the Office of the Australian Information Commissioner in accordance with the Privacy Act 1988 (Cth).

This section explains how we handle personal information collected from our website. If you have any questions or concerns about transmitting your personal information via the internet, you may contact us by email at disputeresolution@shift.com.au or calling us on 1300 249 649, as there may be other ways for you to provide us with your personal information.

When accessing our website, we may use software embedded in our website and we may place small data files (or cookies) on your computer or other device, to collect information about your visit, such as:

• the time and date of the visit;
• any information or documentation that you download, including the pages you visited;
• the length of time you stayed on each page;
• your browser type; and
• your server address.

A “cookie” is a small text file which is placed on your internet browser and which we access each time you visit our website. Cookies help us collect important business and technical statistics which enable us to serve you better. The information in the cookies lets us track the various paths followed by users of our website as they move from one page to another while on our website. Web server logs allow us to assess site visits and site visit capacity. These methods are not used to capture individual e-mail address or any personally identifying information about you.

You may change the settings on your browser to reject cookies, however, doing so may impact your use of our website.

When we receive emails, we will retain the content of the email and our response to you where we consider it necessary to do so.

We make reasonable efforts to ensure that the most up-to-date security measures are used on our website to protect your personal information. Any data containing personal information which we transmit via the internet is encrypted. However, we cannot guarantee that any information transmitted via the internet by us, or yourself, is entirely secure. You use our website at your own risk.

Our website may contain links to third party websites. Please be aware that the terms of this Privacy Policy do not apply to external websites. If you wish to find out how any third parties handle your personal information, you will need to obtain a copy of their privacy policy.

We may use your personal information, including your contact details, to provide you with information about products and services, which we consider may be of interest to you. This may include third party products and services.

We may also use or provide your details to other organisations and third-party vendors for specific marketing purposes, such as to personalise or provide target marketing to you. Third party vendors, including Google, may use cookies and/or device identifiers to show our marketing based on your past visits to websites. You may opt-out of third-party vendor’s (such as Google) use of cookies or use of device identifiers by visiting their website.

You may opt out at any time if you no longer wish to receive marketing from us. In order to do so, you will need to request that we no longer send marketing materials to you or disclose your information to other organisations for marketing purposes. You can make this request by email at disputeresolution@shift.com.au, calling us on 1300 249 649, or by “unsubscribing” from email marketing messages.

If you have any questions, concerns or complaints about this Privacy Policy, or our use of your personal information, please contact the Lender by email at disputeresolution@shift.com.au or calling us on 1300 249 649. You can also contact the Lender if you believe that the privacy of your personal information has been compromised or is not adequately protected.

We will, within seven days, acknowledge your complaint in writing. Depending on the nature of your complaint and any information you provide, we may need to consult and/or notify credit reporting agencies or other parties..

We will make a decision about your complaint following an internal investigation. We will inform you of an outcome within 30 days of receiving the complaint or a longer period as we agree with you in writing..

If you are not happy with the complaint process or outcome you can escalate the matter to the Office of the Australian Information Commissioner by phone on 1300 363 992 or email at enquiries@oaic.gov.au.

This Privacy Policy is effective as of 1 May 2024. We will update this Privacy Policy when our practices change, and any amendments will apply to the information we hold at the time of the update. We will post the updated Privacy Policy on our website. We strongly encourage you to check our website from time to time to view our current Privacy Policy or please contact us for a printed copy.