About This Policy
We at Lanyana Financial Group Pty Ltd ACN 158 065 715 and its Related Bodies Corporate outlined below (“Lanyana Group“, “we“, “us” and “our“) respect your privacy and want you to understand how we collect, hold, use, and share personal information about you.
The Privacy Act 1988 (Cth) (‘Privacy Act‘), the Australian Privacy Principles, Privacy Regulation 2013 (‘Regulations‘) and registered privacy codes govern the way in which we must manage your personal information (‘Privacy Laws‘).
- Related Bodies Corporate of the Lanyana Group:
- Solution Providers Pty Ltd ACN 138 608 661;
- Insolvency Administration Services Pty Ltd ACN 133 509 654;
- Debtstroyer Pty Ltd ACN 150 341 325;
- Positive Solutions Finance Pty Ltd ACN 152 573 610;
- Revive Financial Pty Ltd ACN 609 795 066;
- Revive Restructuring Pty Ltd ACN 645 467 652;
- Revive Business Pty Ltd ACN 624 221 781; and
- any other company which is at any time a wholly owned subsidiary of any of the above companies; and
- the below Lanyana Group websites:
Collection of Personal Information
The Privacy Act defines personal information as any information or opinion about an individual that can be identified from that information.
As part of providing any of our Services we may collect, hold, process and share your personal information which can include: your name, date of birth, age, mailing/residential address, contact details, occupation, place of work, government identifiers such as a tax file number, driver’s license, Medicare, passport number, signature, photograph, video or audio recording.
We may also collect, hold, and share financial and credit related information that includes your personal finances, bank account, credit card details, transaction information, credit capacity, credit history, financial solvency and other financial related information such as your credit applications, credit agreements and financial difficulty and hardship applications.
We will not collect and use any of your sensitive personal information unless it is necessary for us to provide our Services to you and with your prior consent or where a permitted general situation exists. Sensitive personal information includes information relating to your health, sexual orientation, biometric data, criminal history, racial or ethnic origin as well as membership of any trade or professional associations.
How Information is Collected
- Most information will be collected from you personally, this can be taken by us:
- If you call or email us.
- When we provide our Services to you.
- When we manage our customer relationships and service provider relationships.
- If you provide us with feedback or make a complaint.
- If we provide you with our Services.
- If you apply for an account with us.
- When CCTV footage is recorded at our offices or premises.
- Your information that is in the public domain.
- If you subscribe to our newsletters and marketing lists.
- Other information that may be collected include details provided on a resume sent to us relating to an employment opportunity.
- We may obtain your credit related personal information:
- When making an application or negotiating with a credit provider on your behalf.
- From a Credit Reporting Body (“CRB“) when we have obtained your credit report with your consent.
- We may also receive your personal information from another party by any other means. If we do, we will apply the Privacy Laws in deciding whether it is lawful to keep the information received.
- We may also receive your personal information from third parties that we deal with on your behalf and from our service providers
Any information we receive that we are not lawfully required to hold will be deleted or destroyed.
How We Keep Your Personal Information
We will keep your personal information securely in either physical or electronic form. The security of your personal information is important to us. We will take appropriate technical and organisational precautions to secure your personal information and to prevent the loss, misuse, unauthorized access, disclosure or alteration of your personal information.
We will store all your personal information on secure servers, personal computers and mobile devices, and in secure manual record-keeping systems.
Much of the information we hold about you will be stored electronically. We store some of your information in secure data centres that are located in Australia. We also store information in data centres of our contracted service providers (including cloud storage providers), and some of these data centres may be located outside of Australia.
We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold both in Australia and overseas. For example:
- access to our information systems is controlled through identity and access management controls;
- employees and our contracted service providers are bound by internal information security policies and are required to keep the information secure;
- all employees are required to complete training about privacy and information security; and
- we regularly monitor and review our security measures and compliance with internal policies and industry best practice.
You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet and you do so at your own risk.
Also, our website may have links to external websites and we take no responsibility for the privacy practices or the content of those other sites.
Use and Disclosure of Information
We will use or disclose personal information held about you as permitted by law and for the business purposes for which it is collected (e.g. provision of our Services, including administration of our Services, notifications about changes to our Services, record-keeping purposes, technical maintenance, obtaining or maintaining insurance coverage, managing risks or obtaining professional advice) – that is, to carry on our business activities and provide our Services to you. We may use your personal information to comply with legislative or regulatory requirements in any jurisdiction, for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure, to prevent fraud, crime or other activity that may cause harm in relation to our Services and help us run our business and maintain integrity.
We may also use your personal information to tell you about our Services we think may interest you or for a purpose related to the primary purpose of collection or where you would reasonably expect that we would use the information in such a way, subject to legal restrictions on using your personal information for marketing purposes.
Our Services to You
Collecting your personal information will assist us in providing our Services to you and this includes but is not limited to:
- processing applications for the provision of our Services including debt administration, providing you with credit assistance or facilitating any credit to you;
- managing our Services to you which also includes; managing our customer relationships, processing payment receipts, and invoices;
- assessing and monitoring your credit worthiness;
- responding to enquiries relating to your application, accounts and other Services provided to you;
- detecting and preventing fraud and other risks to you and other individuals;
- understanding your needs, developing and offering our Services to you as well as researching and developing new services;
- ensuring workplace health and safety of our employees;
- dealing with any complaints made by you;
- complying with our legal and regulatory compliance requirements; or
- enforcing our rights, making legal enquiries, or taking legal action.
Providing Your Personal Information to Others
We may disclose your personal information to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We may disclose personal information to our suppliers or subcontractors insofar as reasonably necessary to provide the relevant Services to you.
In addition to the specific disclosures of personal information set out in this section 6, we may disclose your personal information where such disclosure is necessary for compliance with a legal or regulatory obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We may also disclose your personal information when you have obtained your consent.
Prior to disclosing your personal information to an overseas recipient, unless a permitted general situation applies, we will take all reasonable steps to ensure that:
- the overseas recipient does not breach the Privacy Laws; or
- the overseas recipient is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way the Privacy Laws; or
- you have consented to us making the disclosure.
Acceptance of any of our Services via an application in writing, orally or electronic means will be deemed as giving consent to the disclosures detailed herein.
Currently we are handling, storing, and processing your data in the following locations Australia, Asia through the use of Microsoft App Team, call recordings through Cradle in AWS East US (Virginia) Data Centre and Hubspot in AWS East US and GCP Frankfurt Germany. The locations where we handle, store and process your data may change as our business needs changes and we appoint other service providers from time to time.
We may use your personal information for direct marketing. This means we may send information to you that relates to promotions within our Lanyana Group companies.
You have the right to object to our processing of your personal information for direct marketing purposes. If you make such an objection, we will cease to process your personal information for this purpose.
We will not sell your personal information to other companies or organisations.
Wish to Stay Anonymous?
You can withhold your personal information when speaking with us if you are making a general enquiry. However, if you wish for us to provide you with our Services, we will need to identify you.
Retaining and Deleting Personal Information
In this section 11, we have summarised the rights that you have under the Privacy Laws. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
The summary of your principal rights under Privacy Laws are:
- to request, at any time, for us to inform you of the personal information we hold about you;
- the right to access your personal information and we will respond to you within 30 days of making a request;
- the right to rectification of your personal information;
- the right to erasure (where we have no legitimate right or business requirements to retain your personal information);
- the right to restrict or object to processing (where we have no legitimate right or business requirements to process your personal information);
- the right to complain to a supervisory authority; and
- the right to withdraw your consent (where we have no legitimate right or business requirements to retain or process your personal information).
We may refuse to give you access to personal information we hold about you if we reasonably believe that giving access would pose a serious threat to the life, health or safety of an individual, or to the public health or safety, where giving access would be unlawful, where giving access would have an unreasonable impact on the privacy of other individuals, if there are legal proceedings, or if we consider the request to be frivolous or vexatious.
If we refuse to give you access to or to correct your personal information, we will give you a notice explaining our reasons except where it would be unreasonable to do so.
Third Party Websites
Our website may include hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties.
About Cookies & Pop-ups
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from the cookies.
We also use a pop-up notice which only stores your session information, device details and geo-location. The purpose of the pop-up is for users that choose to subscribe, there will be a content drip workflow that periodically provides the user with articles and information related to our services. The article/information page links will appear in the user’s browser while they are browsing at other sites.
Third Party Websites
Credit Reporting Bodies (CRB) are authorised by law to handle your credit related information. If you apply for credit, we may disclose your personal information to, or collect personal credit related information from a CRB. CRBs may include credit related information provided by the Lanyana Group in reports provided to other credit providers to assist such other credit providers to assess the individual’s credit worthiness.
As permitted by law, we may collect, hold, use or disclose credit related information held about you for the purposes of:
- assessing and forming decisions as to whether to provide you with credit assistance, credit contracts or to accept an individual as a guarantor;
- participating in the exchange of credit related information with other credit providers including obtaining from and providing information to CRBs and other credit providers and/or trade suppliers as permitted by Part IIIA of the Privacy Act and the Credit Reporting Code;
- to assist you with debt management and administration;
- to provide you with our Services;
- to undertake debt recovery and enforcement activities, including in relation to guarantors, and to deal with serious credit infringements;
- to deal with complaints and meet legal and regulatory requirements; and
- to assist other credit providers to do the same.
Our Chosen CRB
The Lanyana Group shares credit related information with the following CRB:
Equifax Pty Ltd
GPO Box 964
NORTH SYDNEY NSW 2059
You are able to obtain a copy of Equifax credit reporting policies from their website.
We may change our chosen CRB in the future. If we do, we will let you know of that change by posting an announcement on our website.
Your Rights in Relation to CRBs
You may be asked to participate in a “pre-screening“. This is where your credit related information is provided to a CRB to use, to provide marketing relating to your credit related circumstances. You have the right to contact the CRB and ask that you be excluded from this process.
If you have been or have a reasonable belief that you are likely to be a victim of fraud, you can contact the CRB and request for a “ban-period“. The CRB will not be permitted to use your personal or credit related information during this time.
Notifiable Data Breaches
From February 2018, the Privacy Act includes a new Notifiable Data Breaches scheme (NDB) which requires us to notify you and the Office of the Australian Information Commissioner (OAIC) of certain data breaches and recommend steps you can take to limit the impacts of a breach (for example, a password change).
The NDB scheme requires us to notify about a data breach that is likely to result in serious harm to affected individuals. There are exceptions where notification is not required. For example, where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals.
If we believe there has been a data breach that impacts your personal information and creates a likely risk of serious harm, we will notify you and the OAIC as soon as possible and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy.
If you believe that any personal information, we hold about you has been impacted by a data breach, you can contact us using the contact details below.
You may exercise any of your rights in relation to your personal information by contacting us. If you have a question or complaint about how your personal information is being handled by the Lanyana Group, our affiliates or contracted service providers, please contact us first on the following email: [email protected].
We will try to have your complaint resolved within 5 business days, but it may take longer depending on the complaint. If this is the case, we will aim to resolve your complaint within 30 days.
The Office of the Australian Information Commissioner
Under the Privacy Laws you may also complain to the Office of the Australian Information Commissioner (OAIC) about the way we handle your personal information. Please note the OAIC requires that any complaint be first made to the respondent organisation. The law also allows 30 days for the respondent organisation to deal with the complaint before a person may make a complaint to the OAIC.
The Commissioner can be contacted at: