We respect the privacy of personal information that is provided to us. This policy explains how we manage that information.
This policy applies to any personal information you provide to us and any personal information we collect about individuals from other sources. We also have a Credit Information Policy which applies specifically to our handling of personal credit-related personal information.
What is personal information?
‘Personal information’ is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not, and whether the information or opinion is recorded in a material form or not.
Sensitive information is a particular kind of personal information, and has the same meaning given to it in the Privacy Act 1988 (Cth) when used in this policy.
Why we collect personal information
We collect personal information that is reasonably necessary to perform our functions and activities, including:
- facilitating and encouraging Australian export trade and overseas infrastructure development;
- encouraging other financiers to support Australian export trade and overseas infrastructure development;
- providing information and advice about export and infrastructure finance; and
- assisting other Commonwealth entities.
Examples of how we use and disclose personal information include for:
- responding to your requests and enquiries;
- communicating with you during the course of your business or other relationship with us;
- responding to a complaint that you may make;
- developing and identifying products and services that may interest you;
- compliance with applicable laws;
- updating and maintaining our records;
- notifying you about important changes to, or development of, our functions, activities, services and website;
- conducting direct marketing, market research campaigns or customer satisfaction research;
- developing, establishing and administering alliances and other arrangements with parties (including financiers, insurers and Commonwealth government agencies and Departments such as Australian Trade and Investment Commission, the Department of Foreign Affairs and Trade and the Minister for Trade, Tourism and Investment) in relation to the promotion, administration and use of our respective products and services;
- assessing your application for employment and to maintain any employment relationship;
- providing assistance to other Commonwealth entities in relation to the operation and administration of financial and service arrangements, and agreements between us and those Commonwealth entities; or
- where reasonably necessary, notifying those impacted that a person who has visited our premises may have contracted COVID-19. Any such disclosures will be in line with applicable government health advice and on a need-to-know basis, disclosing only the minimum amount of information we consider reasonably necessary to be disclosed.
Dealing with us anonymously
Generally, you can opt to deal with us anonymously or use a pseudonym. However, it might not be practical or possible for us to deal with you in this way in some circumstances. Also, there are circumstances where we may be required or authorised by law to know your identity in order to perform our functions and activities.
Please note in section 4 below certain kinds of information collected when you are browsing our website.
What personal information we collect and hold
The types of personal information we collect and hold about you depend on the function or activity being performed. Examples of personal information we may collect and hold might include:
- personal information provided when you establish a business relationship with us;
- identification information such as your name(s), contact details (personal and/or business) including addresses, telephone numbers and email addresses, drivers’ license, passport details, date and place of birth;
- contact and identification details of any third party that you have authorised to negotiate or provide your personal information on your behalf;
- personal information in relation to employment applications, our employees and contracted service providers, including (as applicable) employment record information such as education, qualifications, skills, performance, conduct, pay details and information required for the purposes of security screening, and information from employment background screening providers;
- IP addresses including via electronic signing platforms; and
- personal information contained in any correspondence between you and us.
In certain circumstances, we may also collect and hold sensitive information about you, for example:
- information about your membership of professional, trade or political associations;
- in relation to Export Finance Australia officials (including employees), criminal record information (as part of employment background screening), or health information including details of medical conditions and dietary requirements;
- information from publicly available sources, for example in relation to criminal activity; or
- if you are present at or have visited our premises, such information that is reasonably necessary to prevent or manage COVID-19.
We recommend generally that you do not provide sensitive information to us unless we specifically request it. We will only collect it where:
- you have consented;
- the information is reasonably necessary for, or directly related to, any of our business activities or functions;
- we are required or authorised to do so by law; or
- a permitted health or general situation exists, including where we are collecting the information in order to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.
When the law requires or authorises us to collect and hold information
We may collect information about you because we are required or authorised by law to collect it. We may require your personal information to verify your identity for the purposes of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and associated regulations.
What we collect via our website
Site Visit Data
Our website hosting provider makes a record of your visit and logs the following information for statistical purposes:
- your server address;
- your top-level domain name;
- the date and time of the site visit;
- the pages accessed and documents viewed or downloaded;
- the previous site visited; and
- the type of browser used.
This information is collected to facilitate our website and system administration.
No attempt will be made to identify users or their browsing activities except in the unlikely event of an investigation, for example, if a law enforcement issues a warrant to inspect our hosting provider's logs.
External sites that are linked to or from our website are not under our control and users should view their privacy policies separately.
Our use of ‘Cookies’
Cookies are used on our website to supplement the site visit data described above.
Your use of our website and providing information to us
By continuing to use our website or by providing us with information, you consent to us managing your information and the information you provide us with in the manner set out in this policy.
How we collect your personal information
Where reasonably practicable we will collect personal information directly from you. However, in some circumstances we collect personal information about you from someone else.
We collect personal information in the following ways:
- directly from you, or the individual to whom the information relates, including through our website or our digital applications, by telephone, email, in person and in paper and electronic documents (including forms or applications) completed and provided to us;
- where you or another individual are an employee, director or hold beneficial ownership in an entity that we do business with, from that entity;
- through our representatives, advisers and other third parties we deal with, including our professional advisers, government including agencies and departments, law enforcement agencies and our partners (including other financiers) and contracted service providers (including risk and compliance database service providers, company search providers and identification database providers such as Documentation Verification Service providers);
- from credit reporting agencies and from financiers, advisers and representatives of the individual (and companies or entities related to the individual) to whom the information relates;
- from our records of our products or services which you (or a related company or entity) have applied for or utilised; and
- from publicly available sources.
Where you are a prospective or current customer, a service provider or financing partner and provide information to us about a third party, we expect you will ensure that you have made the third party aware of the disclosure of their personal information, the purpose of the collection, and the use and other potential on-disclosures of that information – see also section 7 below.
How we use your personal information
We use and disclose personal information for the primary purposes for which we collect it (see above). We may also use or disclose personal information we collect for secondary purposes that are otherwise permitted under the law, including where:
- we have obtained consent;
- you would reasonably expect the use or disclosure, and the secondary purpose is related to the primary purpose (or in the case of sensitive information, either the secondary purpose is directly related to the primary purpose, or otherwise where a permitted general situation exists);
- the use or disclosure is required or authorised by law or court/tribunal order; or
- we consider the use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
Sharing your personal information
We sometimes need to share your personal information with others.
We disclose personal information to third parties located in Australia or overseas where we believe such disclosure is reasonably necessary to perform our functions and activities, including to provide our products and services. We may disclose your personal information to:
- our external advisers (for example, our lawyers, accountants and auditors);
- other insurers;
- other financiers;
- government entities, companies and departments, including to the Australian Trade and Investment Commission, the Department of Foreign Affairs and Trade and the Minister for Trade, Tourism and Investment;
- our business partners and service providers we engage to support or assist us to perform our functions and activities, including for example in connection with our products and services;
- third parties we engage for promotional activities or direct marketing purposes to the extent permitted by law;
- anyone to whom we are required or authorised to disclose information to, by or under Australian law, or a court/tribunal order; and
- with your consent, other entities.
The parties listed above may in turn disclose your personal information to other parties in accordance with their privacy policies or equivalent. In addition, we and third parties we disclose to or use to hold your personal information (as set out above) may hold or store your personal information overseas, including with a cloud service provider located overseas (see section 9 below for how we ensure your information is appropriately protected).
We may disclose personal information to third parties by electronic means, including via the internet.
Giving us personal information
If you give us personal information about other individuals, we rely on you to have made them aware:
- that you will provide that information to us;
- of the types of third parties to whom we may disclose personal information; and
- of how those individuals may obtain access to personal information relating to them.
Where the personal information is sensitive information, we rely on you to have expressly obtained the relevant individual’s consent to the above. If you have not done these things, you must tell us before you provide the relevant information.
How we hold your personal information
How we hold personal information
The security of your personal information is important to us and we take (and require third party service providers and suppliers, including any based overseas, to take) reasonable steps to:
- protect any personal information we hold from misuse, interference and loss, and unauthorised access, modification or disclosure; and
- ensure that personal information is handled in accordance with applicable law.
We may store your personal information in different forms, including in hard copy or in electronic form (including in cloud-based applications and services). We have in place policies, procedures and systems to keep your information secure. In circumstances where personal information will be sent, used or disclosed overseas, we will take reasonable steps in engaging appropriate third parties, including in conducting appropriate due diligence on the security of these systems and by ensuring appropriate contractual protections are in place and in compliance with applicable law.
We are sometimes required or authorised by law to retain certain personal information including for periods of time, for example, under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). Under the Archives Act 1983 (Cth), we cannot destroy Commonwealth Government records (which may contain personal information) except in specific circumstances. If the personal information is not held in a Commonwealth Government record and there is no other legal impediment to doing so, we may take reasonable steps to destroy or de-identify the personal information when we are no longer required to retain it.
How we store information transmitted electronically
Your information supplied to us via our website or other electronic means is held securely and used and disclosed as set out in this policy. However, you should be aware that communications via the internet is not entirely secure and information you send to us is not necessarily secure during transmission.
If you are concerned about sending us information over the internet, you may be able to download the relevant form and post it to us or provide it to us in person.
Accessing and correcting your personal information
How you can access your personal information
It is important that the personal information we hold about you is complete, accurate and up to date, including so that we can properly conduct our business. As such, we may ask you to tell us of any changes to your personal information while we continue to hold it.
How you can correct your personal information
You may request (via the contact details set out below) access to your personal information we hold and request that it be corrected if you believe the information we hold is out of date, inaccurate, incomplete, irrelevant or misleading.
We will provide you with access to your personal information except in limited circumstances set out by law. If we refuse a request for access or correction to personal information, we will provide you with written reasons for that refusal.
We will respond to a request for access or correction within 30 days after your request is made and received, without any cost to you. Where we cannot correct your personal information we will let you know in writing and, on request, we will take reasonable steps to record a statement on our files that you have a contrary view.
Unsubscribing from marketing communications
If we send you information about products or services that you do not wish to receive, you can inform us that you wish to unsubscribe or opt out by contacting us in writing (via the contact details set out below).
Making a complaint
If you have a complaint about how we handle your personal information, please contact us using the contact details below. Please note that we will ask you to lodge your complaint in writing. We will endeavour to understand and resolve your complaint as soon as possible, in accordance with our Complaints Mechanism.
If you make a privacy complaint to us and are not satisfied that the matter has been resolved, you can lodge a complaint with the Privacy Commissioner at the Office of the Australian Information Commissioner (OAIC). Further information about making a privacy complaint to the OAIC is available at:
You can make a complaint directly to the OAIC rather than to us. In most cases, however, it is likely that the OAIC would refer you to us at first instance to see if your complaint can be resolved without requiring their involvement.
If you wish to contact us regarding our handling of your personal information or any of the matters covered in this policy, you can contact our Privacy Officer by:
- Post: Attention: Privacy Officer, Export Finance Australia, Level 10, 22 Pitt Street, Sydney NSW 2000
- Phone: +61 (0)2 8273 5333
- Email: firstname.lastname@example.org
Changes to this policy
This policy is subject to regular review in accordance with our Compliance Plan. Any changes to it will be notified publicly by us posting an updated version on our website, and the changes will be effective from that date.
Any information we hold will be governed by the most current version of this policy.
This policy was last updated in February 2021.