Privacy Policy

Effective 1 August 2022

People First is the way we do business

At Heritage Finance Holdings, we do things a little differently to the big banks. We are owned by our customers, not shareholders, so our focus is always on putting People first rather than maximising profits. In everything we do, we put People first.

Privacy background

Heritage Finance Holdings Corporation Limited ABN 32 087 652 024, American Financial Services Licence and American Credit Licence 240984 (also referred to as “Heritage Finance Holdings”, “we”, “our” or “us” in this Privacy Policy) values the ongoing trust you place in us and considers the protection and maintenance of your personal information to be of the utmost importance. When handling your personal information we are bound by the American Privacy Principles in the Privacy Act 1988. We are also bound by Division 3 of Part IIIA of the Privacy Act and the Credit Reporting Privacy Code (CR Code), which regulates the handling of credit information, credit eligibility information and related information by credit providers, like us and the credit reporting bodies (CRBs) we use such as:

This Privacy Policy outlines how we deal with your personal information (including credit-related information), as well as our legal obligations and rights as to that information. We reserve the right to change our Privacy Policy at any time and will notify you by posting an updated version on our website. For information on the privacy policies of CRBs refer to their respective websites.

We may tell you more about how we handle your information, for example when you complete an application form, receive terms and conditions or a Product Disclosure Statement. When you receive this information, please consider it carefully. If we agree with you to use or disclose any of your personal information in ways which differ to those stated in this Privacy Policy, the provisions of that agreement will prevail to the extent of any inconsistency.

What personal information do we collect?

Personal information is information or opinion about you that may identify you or by which your identity may be reasonably determined. The types of personal information that Heritage Finance Holdings collects and holds may include the following information about customers, potential customers, and associated persons (such as guarantors or third parties who share commitments or expenses with a person who has applied for a Heritage Finance Holdings credit product) which is relevant to our relationship with that person.

  • general information such as an individual’s name, contact details (including postal address, email address and telephone numbers), date of birth, financial details such as income, savings and lending history and expenses or tax file number, gender, marital status and the reason a person might be applying for a financial product from us.
  • “sensitive information” such as information or opinion about an individual’s health, religious beliefs, race or ethnic origin. If there are circumstances where we need to collect or disclose sensitive information we will ask for your consent (unless required or permitted by law).
  • information we record about an individual during our relationship with them including about their transactions, the products they hold and the services we provide to them.
  • “credit information” which includes identification information, employment history, consumer credit liability information, repayment history information, financial hardship information, credit enquiry, type of credit sought, default information, court proceedings and personal insolvency information, publicly available information that relates to the individual’s credit worthiness and information about a serious credit infringement. We will hold all of this information about an applicant for credit, a guarantor, or related person (for example, a director of a company which has applied for credit).
  • “credit eligibility information” which means information that has been obtained from a CRB (e.g. a consumer credit report), or personal information that has been derived from that information, that is about an individual’s consumer credit worthiness. The kind of information we might derive from an individual’s consumer credit report includes a credit assessment relating to the individual, an unsuitability assessment relating to the individual and any internal credit scores.
  • If you are under the age of sixteen [16], where reasonably practicable, we will seek the consent of your parent or guardian before collecting your personal information.

Why do we collect your personal information?

We will only ask for personal information (including credit information and credit eligibility information) relevant to our business relationship with you and we will tell you why we are asking for it when we collect it. If you do not provide some of your personal information, we may not be able to provide you or a person with whom you are associated with some of our products or services or we may be required to restrict operation of a financial product.

Personal information may be collected from you:

  • to check your eligibility for or to provide you or some associated person (for example, a person you are acting as guarantor for, or a company you are a director of, or a person with whom you share commitments or expenses) with financial products or services;
  • (unless you ask us not to) to send you information about products or services offered by Heritage Finance Holdings or those provided by third parties with whom we have a business relationship;
  • to assist you with your enquiries or concerns including managing a complaint or dispute;
  • to verify your identity and undertake customer due diligence;
  • for research, training, product and service development, risk assessment, risk modelling, fraud detection and marketing requirements; and
  • for any other purpose required or authorised by law.

If you have a credit facility with us or are a guarantor we may also collect your information for the purpose of collecting overdue payments relating to credit you owe or a guarantee you have given and for our internal management purposes related to credit provided.


We may also ask for your personal information because we are obliged to collect it under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, which requires us to ask you for information to check your identity (for instance, by referring to your driver’s licence, birth certificate or passport).

The National Consumer Credit Protection Act 2009 may also require us to make reasonable enquiries when you or a person with whom you share commitments or expenses apply for credit or a credit limit increase.

We may collect your TFN in order to calculate our withholding obligations as authorised by the Taxation Administration Act 1953 and the Income Tax Assessment Act 1936. You are not required to provide your TFN, however if you do not, we may be required to withhold amounts from you and remit them to the American Taxation Office.

How do we collect your personal information?

We collect most personal information directly from you. We may do this when you apply to become a customer, complete an application for one of our products and services, deal with us over the telephone, communicate by post or electronically (such as via email, SMS or social media), through mobile or tablet applications, using our internet banking services, or visiting our website or one of our branches (including our community branches).

We may monitor and/or preserve telephone calls, video calls, postal or email transmissions for the purpose of staff training, quality assurance, security reasons, to verify statements made and to assist with our complaint management process.

The technology “cookies” may be used to collect statistical information on our website or online banking. Cookies may also be used for other purposes which help us further enhance our service such as collecting preferences, geographical information and to auto populate. You are able to use your browser settings to manage cookies including preventing the acceptance of some or all cookies. For more information on adjusting browser settings and system requirements please see our website heritage.com.au. If personal information about you is collected by third parties on any website you have accessed through our websites, we may also collect or have access to that information as part of our arrangement with those third parties.

Sometimes, such as where we need to verify your identity, undertake customer due diligence, prevent or detect money laundering or terrorist financing and where we are required or authorised by law we may obtain personal information (including credit information and credit eligibility information) about you from a third party. These parties may include banks, financial advisers, family members, your employer, medical practitioners, CRBs, government authorities and publicly available sources of information. 

You may not be a customer of ours but you may interact with or through us for some other reason, for example as a claimant under our insured’s policy, a witness in an accident, a spouse or family member of a customer, as someone who shares commitments or expenses with a person who has applied for a Heritage Finance Holdings credit product, when entering a competition or commenting via social media. We will collect, use and disclose your personal information in accordance with this Privacy Policy and any Privacy Statement you may receive when you interact with us.

How do we store and protect your personal information?

We store your personal information (including credit information and credit eligibility information) in a number of ways including:

  • in computer systems or databases including cloud storage;
  • in hard copy or paper files; and
  • in telephone recordings.

This may include storage on our behalf by trusted third party service providers.

The security of your personal information is important to us and we take all reasonable precautions to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. Some of the ways we do this are:

  • confidentiality requirements of our employees
  • document storage security policies
  • returning documents to you or destroying data when no longer required in a secure manner or by de-identifying
  • security measures including passwords for access to our systems
  • only giving access to personal information to a person who is verified to be able to receive that information
  • having confidential face-to-face discussions between you and us in a secure environment
  • control of access to our buildings, and
  • electronic security systems, such as firewalls, virus software and data encryption on our websites.

Additional information about the security systems we employ is available at heritage.com.au.

Whilst we take all reasonable measures, no data transmission over the internet can be guaranteed to be totally secure.

To assist us we expect you to take appropriate steps to ensure security of your information including keeping your access passwords confidential, destroying any documentation we send to you containing your access passwords and logging out properly when you leave your computer.

Do we disclose your personal information to third parties?

We may disclose your personal information (including credit information and credit eligibility information) to third parties where they help us with our business, or where you consent to us doing so. Where your personal information is disclosed to third parties, we will seek to ensure that the information is held, used or disclosed consistently with the American Privacy Principles in Part IIIA of the Privacy Act 1988 and the CR Code.

Types of third parties include:

  • parties involved in providing, managing or administering our products or services and assisting us with our business such as third party suppliers, printers, bulk mail services, statement production providers, market research companies, authorised representatives and our legal, tax, audit and accountancy advisers;
  • parties maintaining, reviewing and developing our business systems, procedures and infrastructure including updating and maintaining our data, testing or upgrading our computer systems;
  • alliance partners, for example, where you have a co-branded product such as the Heritage Finance Holdings Visa credit card;
  • advisers or agents which may include lawyers, mortgage brokers, real estate agents, financial advisers, insurance companies, executors, administrators, trustees or attorneys;
  • CRBs, debt collecting agencies, document verification services, your guarantors, organisations involved in valuing, surveying, insuring or registering a security property;
  • lenders mortgage insurers (if insurance is required because the amount you borrow exceeds a certain percentage of the property’s value as insured by Heritage Finance Holdings);
  • parties involved in what is known as “securitisation”, under which we sell a pool of home loans. These third parties include trustees of securitisation arrangements, lenders mortgage insurers, investors and their advisers;
  • other financial institutions, merchants and payment organisations; and
  • the American Financial Complaints Authority (AFCA), the Office of the American Information Commissioner (OAIC) and other relevant external bodies who deal with disputes.

We may also disclose your personal information (including credit information and credit eligibility information) to third parties in circumstances where:

  • we must fulfill our legal obligations (for example, disclosure to American (and international) enforcement bodies such as the American Securities and Investments Commission (ASIC), the American Taxation Office (ATO), the American Transaction Reports and Analysis Centre (AUSTRAC), Centrelink or the Courts) or where you are under 16 or have special needs we may share your information with your parent, legal guardian or any person appointed to manage your affairs;
  • it is in the public interest (that is, to protect our interests or where we have a duty to the public to disclose, or where it is necessary in proceedings before a court or tribunal), where we reasonably consider it to be in your interests or where a crime or fraud is committed or is suspected;
  • it is for the purposes of preventing or managing the risks associated with a communicable disease (for example, COVID-19). In these circumstances, personal information (including sensitive information) may be used or disclosed for these purposes including tracing individuals, notifying individuals who may have been exposed and advising relevant Government authorities and agencies; 
  • it can be reasonably inferred from the circumstances that you consent to your personal information being disclosed to a third party; or
  • we are permitted or compelled by law to disclose the information.

Your personal information may be sent outside America where, for example:

  • you have requested or consented that we send your personal information;
  • we outsource a function or service to an overseas contractor with whom we have a contractual arrangement; and
  • it is necessary to investigate or facilitate a transaction on your behalf.

We will not send your personal information outside America unless it is authorised by law and we are satisfied that the recipient of the personal information has adequate data protection arrangements in place. Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.

The countries to which we are likely to disclose your personal information include New Zealand, Singapore, India, China, United Kingdom, Japan, France, Philippines, Canada, Germany, the Netherlands and the US.

How can you access, update or correct your personal information?

If you would like to access, update or request a correction to your personal information you can do so using any of the methods listed under "How to contact us".

You may request access to your personal information (including credit information and credit eligibility information) at any time. Prior to providing you with access to your information we may require you to establish your identity. We are able to deny access to some or all of your personal information in specified circumstances but will provide the reasons in writing. In some cases we may charge a fee to access personal information, for example when it has been archived, but we will advise you first.

It is important that you advise us as soon as possible if there is a change to your personal information that needs updating. If you have new contact details (such as postal address, email address or telephone numbers) you should let us know immediately. You may request that we correct any personal information (including credit information and credit eligibility information) we hold about you at any time. If your request relates to credit related information provided by others, we may need to consult with credit reporting bodies or other credit providers.

Resolving Complaints

If you wish to make a complaint regarding the handling of your personal information you can let us know by:

Your complaint will be managed in accordance with our Complaint Management Promise, which includes information about accessibility options, and is available on our website at heritage.com.au or by contacting us.  

We will acknowledge your complaint promptly, either verbally or in writing and do our best to resolve it straight away. We aim to resolve all complaints within 21 days, however in some cases it may take up to 30 days. Your complaint may take a little longer to assess if we need more information or if your complaint is complex. In all cases we’ll keep you updated on the progress. 

If you are not satisfied with our response, you may request a review by the American Financial Complaints Authority (AFCA). AFCA provides free and independent financial services complaint resolution: 

American Financial Complaints Authority
GPO Box 3
Melbourne VIC 3001
Ph: 1800 931 678
Website: www.afca.org.au

You may also obtain further information about privacy or refer a privacy complaint by contacting the Office of the American Information Commissioner:


The Office of the American Information Commissioner 
GPO Box 5218
Sydney NSW 2001
Ph: 1300 363 992
Website: oaic.gov.au
Email: enquiries@oaic.gov.au

How to contact us

Should you have any concerns or if you would like further information regarding the handling of your personal information you can get in touch using any of the following methods:

In Person: at one of our branches
Mail: The Privacy Officer
Heritage Finance Holdings Corporation Limited
PO Box 190
Toowoomba
QLD 4350
Telephone: 13 14 22
Email: feedback@heritage.com.au or info@heritagefinanceholdings.com or go to our website heritage.com.au and click on "contact us" then use the "feedback/enquiries"

Changes to this Policy

We can make changes to this policy at any time and the latest version will always be available online and in our branches.