Privacy Information Notice

We care about your privacy rights and how we use and share the personal data you provide to us.  This Privacy Notice describes who we are and how we collect and process your personal data through our website and operational interactions with you.  

  • Data controller information
  • What personal data do you collect?
  • How and why we use your personal data
  • What about cookies and other electronic identifiers?
  • Who do we share your personal data with?
  • Do you transfer my data outside of the European Economic Area, Switzerland or the UK?
  • How do you keep my personal data secure?
  • What are my rights?
  • How long do we keep your personal data?
  • Changes to this Privacy Notice
  • Our Data Protection Manager’s contact details.

MA UK Operations Ltd and MA UK LPF Ltd (MA UK) are data controllers of personal data collected and processed through our websites and via our operational interactions with you.  

MA UK is registered with the UK Information Commissioner’s Office as follows:

  • MA UK Operations Limited: Registration Reference ZB062719.
  • MA LPF Limited: Registration Reference ZB062738.


What Personal Data Do You Collect?

We collect the following types of personal data so we can perform our business activities and to provide, and continually improve, our services:

Information you give us:  We receive and store any personal data you provide to us when you contact us to enquire about, or ask us to provide, our services to you.  This includes when you:

  • Interact with our website to learn about our services
  • Enquire about our lending services
  • Apply for funding for your organisation
  • Set up an account with us on our Loan Management System and customer portal
  • Communicate with us by phone, email, or otherwise
  • Request customer or technical support
  • Express an interest in working for MA UK

As a result of these actions, you might supply us with personal or business email addresses, your name, job title and contact telephone numbers, or your CV when applying to work for us. We create a unique user ID for you when you are approved to access our Loan Management System and Customer Portal.

Automatic information:  We do not automatically collect or store information about your use of the MA UK website  Unlike many websites, we do not use cookies or other unique identifiers to obtain certain types of information when your web browser or device accesses our website and application services.  As we do not use cookies, we do not have a Cookie Policy.

How and Why We Use Your Personal Data:

We process your personal data to operate, provide and improve the services that we offer our customers. These purposes include:

  • Establishing our service relationship with you.  We use your personal data in a business-to-business (B2B) context to establish our business relationship with you (or your employer), to negotiate business relationships such as setting up lending agreements, supplier agreements and other partnerships that enable us to provide the services that you or your employer has requested.  We rely on the lawful basis of the processing being necessary ‘in performance of a contract’ with you (or your employer).
  • Managing our accounts and records.  We use your personal information to inform you about service changes, and other relevant service announcements and provide customer support.  We rely on the lawful basis of the processing being necessary ‘in performance of a contract’ with you or when you ask us to enter into a contract for our services.
  • Provide help, troubleshoot, and improve our services.  We use your personal data to provide functionality, analyse performance of our IT systems, fix errors, and improve usability and effectiveness of our services and applications, as well as personalise your experience when you engage with us. Our loan management system creates logs of all user actions performed on the system. We also rely on the lawful basis of ‘in performance of a contract with you’ for this processing.
  • Comply with legal obligations.  In certain cases, we may collect and use your personal data where we are required to do so to comply with other laws and regulations.  For example, for financial protection, fraud prevention and credit risk management activities imposed upon us by the UK Financial Conduct Authority.
  • Recommendations and personalisation.  We may use your personal data to communicate with you in relation to our services (e.g., by email and phone) including recommending features and other services that might meet your needs.  It is in the ‘legitimate interests’ of our business to promote our services in this way but, where this activity represents a direct marketing purpose, you will be asked to provide your consent (i.e., ‘opt-in’) to marketing communications.  You may withdraw your consent at any time and we will stop processing your data for that purpose.  
  • We do not use your personal data to advertise unrelated or third-party products or services.
  • We do not sell your personal data to other organisations.
  • We do not process special category personal data except where we are required to do so in relation to a legal or regulatory requirement, such as anti-money laundering and prevention or detection of crime (fraud).

What About Cookies and Other Identifiers?

We do not use cookies or similar tools.

Who Do We Share Your Personal Data With?

Information about our customers is an important part of our business. Like most organisations, we may employ other companies and individuals to perform processing activities on our behalf.  Examples include your lender, partners that provide IT cloud hosting and data storage, IT system administration, credit search agencies and accountants.  These third-party service providers may have access to the minimum personal data needed to perform their functions, but only where necessary.  They are governed by contractual agreements that prohibit them from using your personal data for any other purpose and only in accordance with our written instructions, and as permitted by applicable data protection laws.

Do You Transfer Personal Data Outside of the European Economic Area, Switzerland or the UK?

The personal data you provide or generate when using our services is managed and stored in the UK, and your rights and freedoms over the processing of your personal data are protected under the UK Data Protection Act 2018 (UK GDPR).  If it becomes necessary to transfer your data to a third country, we will ensure that your rights remain protected in accordance with this Privacy Notice and as permitted by the applicable laws on data protection.

How Do You Keep My Personal Data Secure?

We design our systems with your security and privacy in mind.  As such:

  • We work to protect the security of your personal data during transmission by using encryption protocols and security software.  We also use anonymisation techniques to ensure you cannot be identified from data we share with your lender.
  • We maintain physical, technical and organisational security measures to keep your data as safe as possible and we may ask you to verify your identity before we disclose personal data to you.

What Are My Rights?

  • If you have any questions or concerns about how we collect and process your personal data, please contact us in the first instance at the address below and we will endeavour to answer your questions or resolve your concerns.  If we are unable to do so, you have a right to complain to the UK Regulator, the Information Commissioner’s Office (ICO) at www.ico.org.uk.
  • You have a general right to be informed about who and why someone is processing your personal data.  This Privacy Notice provides that transparency.
  • As described above, you can choose not to provide certain information.  However, you then might not be able to take advantage of some of our services.
  • You can add or update certain information or have inaccuracies rectified.
  • If you do not want to receive marketing emails or other unnecessary (non-service related) communications from us, you can adjust your mailing preferences at any time.  
  • You have additional rights relating to profiling and automated decision making.  For example, you can ask for automated decisions made about you to be explained.  We do not use your personal data to make any automated decisions about you and do not use any artificial intelligence software or perform profiling activities.
  • In addition, subject to applicable law, you have the right to request access to, and erasure of your personal data, and a limited right to ask for your data to be passed to another data controller without restriction (data portability).  You may also object to our processing of your personal data or ask that we restrict the processing in certain instances.  If you wish to action any of the above rights, including to submit a data subject access request, please contact us at the address provided below.  Such requests are fulfilled free of charge.

Are Children Allowed to Use Your Services?

We do not intentionally collect personal data relating to children.  

How Long Do We Keep Your Personal Data?

We keep your personal data in an identifiable form only for as long as it is necessary to fulfil the relevant purposes described in this Privacy Notice, and as may be required by law, such as retention for tax and accounting purposes, or as otherwise communicated to you.

If you express an interest in working for us, or apply for an advertised position, we will retain your CV for a maximum period of 12 months.  If we would like to keep your CV and contact information for longer, for future recruitment purposes, we will ask you to provide your consent for this.

Changes to this Privacy Notice

We are not responsible for the privacy policies of other websites you may visit when you follow any link from our site.  We encourage you to read the privacy notices published by other websites before providing any personal data.  We may occasionally change this Privacy Notice to reflect changes to our business operations, including if we are acquired by another organisation or sold, and to maintain transparency of our processing of personal data.  Where necessary, those changes will be published on our website.

Our Data Protection Manager’s Contact Details:

cyrus.kateli@mafinancial.com

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
Close
Privacy Policy

MAF Credit

INTRODUCTION

This policy applies to personal information collected by MAF Credit Pty Ltd (ACN 623 716 503) and all of its wholly-owned subsidiaries, together referred to in this Policy as “MAF Credit”, “us”, “our” or “we”. It outlines how MAF Credit collects and uses your personal information in accordance with the Privacy Act 1988 and the Australian Privacy Principles.

WHAT INFORMATION DO WE COLLECT?

MAF Credit will collect and hold your personal information for the purposes of:​
Providing products and services to you;
Managing and administering the products and services;
and Letting you know about our other products and services.​

The type of information collected from you includes information necessary to operate your account or for us to provide financial services to you. We may ask you to provide personal information such as:​

Name;
email address;
residential and/or postal address;
date of birth;
contact details;
bank account details;
and financial details.

HOW PERSONAL INFORMATION IS COLLECTED?

The personal information we collect about you comes primarily from your account application forms, engagement letters or other product forms and through our ongoing communications with you. MAF Credit may collect information about you in addition to what you voluntarily provide to us in order to comply with relevant laws and regulations. Wherever there is a legal requirement for us to ask for information about you, we will inform you of the obligation and the consequences of not giving us the requested information. For example, in addition to obtaining personal information from you when you acquire a new product or service from us, we will need to obtain certain documentary evidence from you as to your identity. Such evidence may include items such as a certified copy of your driver’s licence, passport or birth certificate.​

We will not collect any personal information about you except where you have knowingly provided that information to us or we believe you have authorised a third party to provide that information to us. Any information collected from publicly available sources will be treated in the same way as the information you voluntarily disclose with strict confidence.

HOW DO WE USE AND DISCLOSE YOUR PERSONAL INFORMATION?

We only use and hold your personal information for the purpose of providing you with the financial service or products you have sought from us or for any other matters that are directly related with that purpose that you would reasonably expect.​

The types of external organisations to which we often disclose your personal information include:·
any organisations involved in providing, managing or administering our products or services such as settlement agents, custodians or external dispute resolution services;
your financial adviser;
any fund administrator and custodian where you have invested in one of our managed funds;
any financial institution who holds an account for you;
any professional advisers appointed by us;
businesses that may have referred you to us; and
other MAF Credit associated entities located globally.​

Like other financial services companies, there are situations where we may also disclose your personal information where it is:

required by law (such as to the Australian Securities and Investments Commission or AUSTRAC);

required by the relevant operating exchange such as ASX or Chi-X under the respective market operating rules and that information may be used by the market for its purposes (for example, in the course of compliance activities);

authorised by law (such as where we are obliged to disclose information in the public interest or to protect our interests);

necessary in discharging obligations (such as to foreign governments for the purposes of foreign taxation); and required to assist in law enforcement (such as to a police force).

SECURITY OF COLLECTED INFORMATION

We endeavor and use reasonable efforts to maintain physical, electronic, and administrative safeguards to protect your personal information from misuse, interference, loss and unauthorised access, modification or disclosure. We restrict access to information about you to those MAF Credit personnel on a need-to-know basis for the purposes of providing services to you.​

Although MAF Credit endeavors to take steps to provide a secure environment to hold your personal information, there is no guarantee that the electronic information about you stored on the internet is totally secure due to the nature of the internet. However, once we detect any unauthorised access or any kind of potential abuse, we will notify you and at the same time take the appropriate remedial steps as early as practicably possible.​

Once your relationship with MAF Credit comes to an end and the service you have sought from us has been provided and completed or upon your request, MAF Credit will destroy your personal information physically and electronically or de-identify your personal information unless it is contained in a Commonwealth record or MAF Credit is required or 3 authorised by an Australian law or a court or tribunal order to retain such information. For instance, your transaction records will be retained for a certain period of time after the transaction completes during which you may have already ceased to be our client.

Destruction of your personal information will be irretrievable. Depending on how we hold your information, paper records containing your personal information will be shredded before it is recycled. If your information is in electronic form, the way we destroy your personal information will vary depending on the kinds of hardware used to store the personal information. It includes sanitizing the hardware to completely remove the stored information. For hardware that cannot be sanitized, we may instead de-identify your personal information or put the information beyond use.​

If your information is stored in the cloud storage of our third party vendors, we will notify our vendor promptly to destroy or de-identify your personal information in the same, or a significantly similar, way.

COOKIES

A “cookie” is a small text file that may be placed on a computer by a web server. Our websites may use cookies which may enable us to identify you or your browser while you are using our site. These cookies may be permanently stored on a computer or are temporary session cookies. They are used for a variety of purposes, including security and personalisation of services. They are frequently used on websites and you can choose if and how a cookie will be accepted by configuring your preferences and options in your browser.

​All browsers allow you to be notified when you receive a cookie and you may elect to either accept it or not. If you wish not to accept a cookie, this may impact the effectiveness of the website. Your internet service provider or other IT service provider should be able to assist you with setting your preferences  

CROSS-BORDER DISCLOSURE

Depending on the type of service or product we provide to you, your personal information may be disclosed to our associated entities, contractors and unaffiliated service providers located in other overseas jurisdictions such as the United States, Europe and the Asia Pacific region (including, but not limited to, China, Hong Kong and Singapore). The overseas jurisdictions that your personal information is subject to cross border disclosure may change from time to time.

Where MAF Credit discloses your personal information to an overseas recipient, MAF Credit will take steps to ensure the overseas recipient does not breach the obligations outlined in this Privacy Policy, however MAF Credit may be unable to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to your information.​

This may mean for information sent overseas you do not have the protections of, or any redress under, the Privacy Act. The overseas recipient may not be subject to privacy obligations equivalent to those under the Privacy Act and could be compelled by foreign law to make disclosure of the information. By using MAF Credit services you consent to MAF Credit making the disclosure to overseas recipients on this basis. We may also disclose your personal information when such disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order.

ACCESS TO AND CORRECTION OF PERSONAL INFORMATION

We will give you access to your personal information within a reasonable time period in a manner requested by you. We may charge a reasonable fee to cover our costs. We may decline the access in the exceptional circumstances that are permitted under the Privacy Act. If this is the case we will inform you and explain the reasons why.​

We will take reasonable steps to ensure that the personal information we collect, hold, use or disclose is accurate, complete, up to date, relevant and not misleading. Reasonable steps that we may take include updating your personal information from public sources such as a telephone directory.

Please be aware that you are also responsible to notify us of any incorrect personal information we may hold as promptly as possible.​

We will respond to your request to correct your personal information we hold within 30 calendar days after the request is made. There will be no charge for the making of any request. We may refuse to correct your personal information we hold about you if we do not agree with the corrections you have supplied. When we refuse your request, we will give you a written notice to that effect and an information statement if requested.

COMPLAINTS HANDLING

If you believe that we have mishandled your personal information, you may lodge a complaint with our Privacy Officer in writing, by mail or fax to the address or fax number set out at the end of this Policy. The Privacy Officer will acknowledge the receipt of your complaint as promptly as possible after we receive your complaint.

We will endeavor to investigate and resolve your complaint within 30 calendar days. If we are unable to resolve your complaint, you can lodge a complaint with the Australian Information Commissioner by:​

Submitting an online form through the Information Commissioner’s website: www.oaic.gov.au

Submitting a hard copy form which can be obtained at https://forms.business.gov.au/smartforms/landing.htm?formCode=APC_PC

fax to 02 9284 9666

email at enquiries@oaic.gov.au  

CHANGES TO THIS POLICY

This Policy is subject to change from time to time as MAF Credit considers necessary. We will publish material changes by making them available on our website.​

The Privacy Officer
MAF Credit Pty LtdPO Box H360NSW 1215
Phone: 1800 319 289