privacy and credit reporting policy

September 2022

about us

Thornmoney takes your privacy seriously. This is the privacy policy of Thornmoney Pty Ltd ACN 648 650 711 (“Thornmoney”, “we”, “our” and “us”). This policy relates to personal information collected in the course of your interaction with us or as a result of your request for us to supply you with finance.

Our contact details are as follows:

  • Address: PO Box R1780, Royal Exchange NSW 1225
  • Phone: 1800 975 075
  • Email: [email protected]

protecting your privacy

At Thornmoney, we are committed to protecting and maintaining the privacy, accuracy and security of your personal information. We are committed to complying with the Privacy Act (Cth) 1988 (“Privacy Act”), Australian Privacy Principles (“APPs”), and the Credit Reporting Privacy Code (“CR Code”). This policy outlines:

  • The kinds of personal information (including credit-related information) we collect, and the purposes for which we do that;
  • how we collect, hold, use and disclose your personal information;
  • how you can seek access to and correction of that information;
  • if necessary, how you can make a complaint relating to our handling of that information; and
  • the credit reporting bodies to which we are likely to disclose your credit information.

This policy also includes information about your rights in relation to credit-related information, including access and correction, and what can happen if we provide information about you to a credit reporting body (“CRB”). You can request to have a copy of this policy provided to you as hard copy by email.

Words defined in the Privacy Act, the APPs and the CR Code have the same meaning when used in this policy. In general terms, “personal information” is any information that can be used to personally identify you. In this policy, “credit-related information” means credit information, credit eligibility information and CRB derived information as those terms are defined in the Privacy Act.

personal information that we collect and hold

We may collect and hold personal information about you such as:

  • your name, current and previous residential address details and landlord or mortgage details including address and phone number;
  • age, date of birth, gender, and marital status;
  • government identifiers including but not limited to details such as driver licence number, Medicare details, passport details; MyGov login details where applicable and tax file number;
  • email and other electronic addresses and telephone/mobile numbers;
  • financial information (including credit history), bank account and/or credit card details, accounts, assets, expenses, income, financial obligations and dependents;
  • occupation, current and previous place of employment, position within the current and previous place of employment, employer’s address and contact details, previous employer details, and business details (if you are applying as a business); and
  • sensitive information such as health and medical information if you are seeking assistance with financial hardship. We will ask for your specific consent if we collect sensitive information from you. We will only collect sensitive information about you directly from you unless it is impracticable to do so.

We collect information about your accounts and transactions with us.

We may also collect information when you use our website. See section on website below. We may also collect credit-related information in order to assist us in assessing your credit worthiness and provide you with the services or product you have requested from us.

Credit-related information that we collect about you may include:

  • identification information about you (which includes your name, date of birth, gender, current and previous addresses, and your driver’s licence number);
  • consumer credit liability information about you, including the type and the amount of credit you have applied for, the start and end date of relevant credit;
  • repayment history information such as information concerning whether you owe any payments to a credit provider that are overdue by 60 days;
  • a statement that an information request has been made in relation to you by a credit provider, mortgage insurer or trade insurer;
  • the type of consumer credit or commercial credit and amount of credit sought in an application to a credit provider and in connection with which the credit provider has made an information request;
  • default information concerning a payment owed by you as a borrower or your guarantor in connection with consumer credit that remains overdue for more than 60 days;
  • payment information about you. This may be in the form of a statement that an overdue payment in relation to which default information was provided to a CRB has been paid;
  • new arrangement information about you. This a is a notation added to your credit default indicating that the terms and conditions around the repayment of the amount due has been varied;
  • court proceedings information such as a judgment or order made against you;
  • personal insolvency information about you. This is information relating to whether you are a bankrupt or subject to a debt agreement proposal or a debt agreement or a personal insolvency agreement executed by you;
  • publicly available information as to your credit worthiness other than court proceedings or insolvency information about you; or
  • an opinion by a credit provider that you have committed a serious credit infringement in relation to consumer credit provided by the credit provider to you.

If we obtain credit-related information about you from a CRB, we may derive information from it that has a bearing on your credit worthiness or could be used in establishing your eligibility for credit. This may include information such as credit scores and assessments which we generate from the information that we receive.

If there is another party named in a finance application, you may need to provide their personal information, and you warrant that the other applicant has consented to the collection of their personal information and has authorised you to provide it for the purposes for which it is being collected.

We may also collect some information that is not personal information because it does not identify you or anyone else.

how we collect personal information

We may collect your information in a variety of ways. Mainly we will collect information from you (or from your authorised representative) during the course of our dealings with you. This may occur when you provide it to us by telephone, in person or in documentation such as an application form (which may be an online application). We also collect information when you make a request or enquiry of us.

We may also collect your information from the following third parties when we need information for our business functions, to determine whether to offer you products and/or services or whether to accept you as a guarantor:

  • third parties such as your accountant, banks, guarantors, financial advisers or government authorities with whom you have had dealings;
  • other Thornmoney related entities who may have information about you;
  • publicly available sources;
  • a CRB;
  • an identification services provider;
  • other credit provider;
  • an insurer of your property.
  • We are also required to collect information in accordance with the following laws:
    • the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), which requires us to collect personal information about you when verifying your identity; and
    • the Personal Property Securities Act 2009 (Cth), under which we may need to collect personal information about you to record a security interest on the Personal Property Securities Register.

why we collect, hold, use and disclose personal information

We collect, hold, use and disclose personal information about individuals when it is necessary for us to carry on our business functions, to provide to you the services and/or products you have requested from us or to comply with law. We may also collect, hold, use and disclose your personal information to answer your enquiry and/or provide the information or service that you requested.

Importantly, in some circumstances if you do not provide the information that we request, we may not be able to:

  • provide our products or services to you (or third parties for who you have offered to act as a guarantor) or provide them to the same standard;
  • provide you with information about products and services that you may want, including information about discounts, sales or special promotions;
  • tailor the content of our website to your preferences and your experience of our website may not be as enjoyable or useful.

Broadly, we may collect, hold, use and disclose your personal information for a number of reasons, including:

  • to enable us to develop, administer and manage our services and businesses;
  • to provide products and services to you and to send communications requested by you;
  • to customise services to better meet your needs and preferences;
  • to enable us to decide whether to provide a product applied for, include evaluating your credit worthiness or deciding whether to accept your offer to act as a guarantor;
  • manage the products we provide, as well as your account with us;
  • to compile a customer profile about you to serve you better;
  • to engage a CRB to conduct a credit and reference check;
  • to assess and monitor your creditworthiness, initially on application and throughout the term of your agreement with us;
  • for billing purposes and collection of debts;
  • statistical purposes;
  • subject to your rights to opt out, for future promotional and marketing purposes through a range of direct marketing channels that include electronic direct marketing (email and SMS), telephone, voice call and direct mail so that we can inform you of special offers, promotions and competitions (even if your application is unsuccessful);
  • for research purposes to better improve our website, products or services;
  • to answer enquiries and provide information or advice about existing and new products and services;
  • to provide you with access to protected areas of our website;
  • to assess the performance of our website and to improve the operation of our website;
  • any other customer support purposes;
  • to provide information to a CRBs as permitted by Part IIIA of the Privacy Act and the CR Code;
  • to advise credit providers of the status of your agreement with us, in circumstances where you are in default with credit providers;
  • to deal with complaints;
  • to enforce our rights when you are in breach, including debt recovery and other enforcement; and
  • complying with the law as authorised or as required.

We will generally only use and disclose any government related identifiers in order to verify your identity for our business purposes. We may also need to use and disclose government related identifiers for other purposes permitted by the APPs, such as where we are required to do so by law.

Where we collect credit-related information about you, we may use this information to help us decide whether or not to provide finance to you or your suitability to act as a guarantor of that finance (as applicable). We may also use this information to derive or calculate a credit assessment score in relation to you, which we will then use to help us in conducting our assessment of your creditworthiness. We may also:

  • use your credit-related information to assess any application that you make to us for financial accommodation in relation to the products or services that we supply to you;
  • use your credit-related information to collect payments that are owed to us in respect of any products or services that we have previously supplied to you on credit;
  • where you have offered to guarantee finance that we have offered to provide to a third party, use that information to assess your suitability as a guarantor of that credit;
  • use the credit-related information that we hold about you to assess and respond to any access or correction requests that you make to us;
  • where we are consulted by a credit reporting body or another credit provider about an access or correction request that you have made to those entities, use that information to respond to that consultation request; and
  • where you complain to the Information Commissioner or any provider of a recognised external dispute resolution scheme about our treatment of your credit-related information, use your information to respond to that complaint and to seek legal or other professional advice in relation to your complaint.

Where required by law, we will make a written note (which may be kept in electronic form) of any use or disclosure that we make relating to your credit-related information. If:

  • you make an application for finance to us; or
  • you offer or agree to guarantee finance that we propose to provide to a third party,

and we subsequently refuse your application or offer based on information provided to us by a credit reporting body about you, we will inform you of this and provide you with the name and contact details of that body and any other information required by law to be provided to you.

Your personal information will not be shared, sold, rented or disclosed other than as described in this privacy policy.

when you will have the option of not identifying yourself

We will give you the option of dealing with us anonymously or by pseudonym except where it is impracticable or unlawful for us to do so. For example, we may not require you to identify yourself when you request that we provide you with general information about our products, services, or functions.

how we deal with unsolicited personal information

If we receive personal information that we have not requested, then we will decide whether or not we could have collected the information. If we determine that we could not have collected the information, then we will destroy or de-identify the information as soon as practicable so long as it is lawful and reasonable to do so

when we may disclose your personal information to third parties

In addition to why we collect, hold, use and disclose your personal information, and in the course of conducting our business or to offer you products or services, we may disclose your personal information to the following:

  • any parties disclosed on your application;
  • related body corporates of ours;
  • third parties acting as an agent on our behalf;
  • distributors and introducers of our products and services;
  • credit reporting bodies;
  • other financial institutions or entities such as banks and credit providers;
  • identification service providers and the issuer of any identification document or official record holder;
  • suppliers of products and services to which your application or request relates;
  • insurers, brokers and other distributors;
  • contractors and service providers including mailhouses, printers, call centres, marketing companies, and technology providers;
  • government bodies and law enforcement agencies;
  • persons acting as guarantor or providing security for finance;
  • debt collectors and assignees of your debts;
  • a recognised external dispute resolution scheme of which we are a member;
  • entities who wish to acquire an interest in our business or with whom we wish to amalgamate;
  • third parties you authorise to act on your behalf (such as your accountant, legal representative or referee);
  • our professional advisors, including our lawyers, auditors and accountants, market research and data providers; and
  • other persons or organisations with your express consent.

Where we collect credit-related information about you, we may disclose your information to:

  • any of our related companies that are also considering whether to provide financial accommodation to you;
  • a third party that you or we ask to act as a guarantor of any finance provided to you;
  • the CRBs that we deal with, as detailed below. CRBs collect different types of credit-related information about individuals and use that information to provide a credit-related service to their customers (including to us);
  • other third parties that provide services to us (or to you on our behalf). These might include debt collectors, credit management agencies and other third parties that process applications for credit made to us; and
  • other credit providers which provide, or are considering providing, credit to you.

overseas disclosure

We may store or hold personal information about you in electronic storage and networked systems operated by our service providers. Your information (including credit-related information) stored in this way may be disclosed in countries outside Australia. It is not practicable to specify in which other countries your personal information may be stored, as electronic networking storage systems can be accessed through the internet from various countries.

We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information. In addition, you should note that the overseas recipient will be subject to a foreign law which may not include any privacy obligations similar to those required under the Privacy Act. The foreign law may also compel the disclosure of your personal information to a third party such as an overseas authority.

If you consent to us disclosing your personal information to an overseas recipient in the situations described above:

  • we may not be required to take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles;
  • we and the overseas recipient may not be accountable under the Privacy Act;
  • the overseas recipient may not be subject to any privacy obligations or to any principles similar to the Australian Privacy Principles;
  • the overseas recipient may be subject to a foreign law that could compel the disclosure of personal information to a third party, such as an overseas authority; and
  • you may not be able to seek redress under the Privacy Act or in the overseas jurisdiction.

By using our services you agree and consent to us disclosing and storing your personal information to overseas recipients as described above.

direct marketing

We may send you direct marketing communications and information about our products and services and the products and services of our related companies and commercial partners that we consider may be of interest to you. These communications may be sent in various forms and media, including mail, SMS and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). You consent to us sending you those direct marketing communications by any of those methods. We may send you those communications for an indefinite period, even if your application was not successful, and after the termination or expiry of any agreement you have with us. We may also provide your personal information to our marketing service providers who may send you marketing communications on our behalf. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.

We may provide your personal information to other organisations such as communications services providers including mailhouses and marketing companies for the purposes of direct marketing.

disclosing credit information to a credit reporting body

We may disclose credit information about you to a CRB. The CRBs that we are likely to disclose your credit information to are one or more of the following:



Post: Equifax Public Access, PO Box 964, North Sydney, NSW 2059

Phone: 1300 762 207

Email address: [email protected]



Post: illion Public Access Centre, PO Box 7405, St Kilda, VIC 3004

Phone: 1300 734 806

Email address: [email protected]

Experian Australia Credit Services Pty Ltd


Post: Consumer Support Team, GPO Box 1969, North Sydney NSW 2060

Email address[email protected]

If we disclose your credit information to a CRB:

  • the CRB may include the information in reports provided to credit providers to assist them to assess your credit worthiness; and
  • if you fail to meet your payment obligations in relation to credit or commit a serious credit infringement, we may be entitled to disclose this to the CRB.

Each CRB has a policy about the management of credit-related information. You can get a copy of the relevant CRB’s policy by contacting the CRB using its contact details above.

your rights under the Privacy Act in relation to credit-related information

You are entitled to:

  • opt out of direct marketing pre screenings: CRBs often use credit information to assist credit providers to market their products and services. If you do not want the CRB to use your credit information in this manner, the Privacy Act gives you the right to request you be excluded from being contacted;
  • request non-disclosure where you believe you have been, or are likely, a victim of fraud: if you believe that you are a victim of fraud, or are likely to be a victim of fraud, then you are entitled, under the Privacy Act, to request that the CRB not use or disclose any of your credit information;
  • obtain the CRB’s policy about the management of credit-related information by contacting the CRB. See contact details above;
  • access credit-related information that we hold about you from us, to request us to correct the information, and to make a complaint to us;
  • request a CRB not to use credit-related information about you for the purposes of pre-screening of direct marketing by a credit provider; and
  • request the CRB not to use or disclose credit-related information about you if you believe on reasonable grounds that you have been or are likely to be a victim of fraud.


All personal information held by us will be handled and stored in accordance with our obligations under the Privacy Act.

We will take reasonable steps to:

  • make sure that the personal information we collect, use or disclose is accurate, complete and up to date;
  • protect the information from misuse, interference, loss or unauthorised access, modification or disclosure; and
  • destroy or permanently de-identify the information if it is no longer needed for any purpose.

The personal information we hold about you will be protected through the use of physical, electronic and procedural safeguards. Where your information has been disclosed by us to a third party service provider located in Australia, we require those service providers to adhere to the relevant standards of security and confidentiality required under the Privacy Act to ensure that your personal information is protected at all times.

As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.


When you visit the website (the “Website”), we or agencies on our behalf and our internet service provider may monitor and make a record of your visit and log the following “clickstream data” for statistical purposes:

  • your server’s IP address;
  • your top level domain name (for example .com, .gov, .au, etc);
  • the pages you accessed and any documents downloaded;
  • the previous site you have visited and the site you move to;
  • the type of browser and operating system you are using; and
  • the date and time of your visit.

For example, this information may be used to find out how the Website is used and navigated, including the number of hits, the frequency and duration of visits and most popular session times, so that we may evaluate and improve our Website’s performance.

The Website may use cookies to provide a customised online experience. A cookie is a message given to a web browser by a web server. The browser stores the message in a text file called cookie.txt. The message is then sent back to the server each time the browser requests a page from the server. Cookies are placed on your computer for the duration of a session and are used for session management purposes and do not contain any personal details. Periodically they can safely be deleted with no effect on future sessions. If you have configured your browser to reject all cookies, you will be able to view information-only pages on the Website.

Cookies enable us to recognise your computer and greet you each time you visit our website without the need to register. It also enables us to keep track of products or services you view so that, if you consent, we can send you news about those products or services. We also use cookies to measure traffic patterns, to determine which areas of our website have been visited and to measure traffic patterns in the aggregate. We use this to research our user’s habits so that we can improve our online products and services.

When you are on the Website you could be directed to other sites that are beyond our control. These other sites may send their own cookies to users, collect data or solicit personally identifiable information. This policy is strictly limited to the collection, storage and use of personally identifiable information collected from our customers, in the course of our businesses, and does not apply to any third parties. We have no control over the privacy practices or the content of any third party websites, and assume no liability for the privacy practices of these websites. You should therefore check the privacy policy of any third party when accessing other websites that may be linked to the Website.

contacting us

If you have any questions about this privacy policy, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy, please use the contact link on our website or contact our Privacy Officer using the details set out below.

We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner.

All correspondence should be addressed to:

Post: PO Box R1780, Royal Exchange NSW 1225

Phone: 1800 975 075

Email address: [email protected]

how to access and amend personal information

On request from you we will provide details of the personal information and credit-related information we hold about you, subject to the exceptions detailed below.

We reserve the right to charge a reasonable fee for providing access to your information when permitted by law. We will not however charge you for simply making the request.

To protect your personal information, the request to us must be in writing and can be sent by letter or email. We will need to verify the identity of anyone requesting access to your personal information, so as to ensure that we do not provide that information to a person or people who do not have the right to access that information. We ask that your request for information be as specific as possible so that we can accommodate your request. Unless unusual circumstances apply, we should provide access to you within 30 days of the request.

We will respond to any request within a reasonable timeframe.

We also aim to ensure that your personal information is accurate, up to date and complete.

Amendment of personal information will be conducted upon written or verbal request from you. You can contact us on 1800 975 075 or write to The Privacy Officer to request we amend our records. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it.

If you request that we correct any credit-related information about you and we cannot respond to your correction request without consulting with other credit providers or credit reporting bodies in relation to your request, we may do so and these bodies are permitted by law to assist us in resolving your correction request.

If we do correct your credit-related information at your request, we will inform you and each other credit provider and credit reporting body to which we have previously disclosed that information that we have corrected your information. Where we disclosed your credit-related information after you made a complaint but before it was resolved, we will tell the recipient that you have made such a complaint and we will subsequently inform that entity of the outcome of your correction request.

It is important to note, that under the Privacy Act, Thornmoney is entitled to refuse you access to your information in a number of circumstances:

  • access would be unlawful;
  • denying access is required or authorised by or under an Australian law or a court/tribunal order;
  • access would prejudice enforcement activities or the taking of appropriate action in relation to unlawful activity or serious misconduct; or
  • if any other exceptions set out in the Privacy Act apply.

If we refuse access to your information, we will provide written reasons for the refusal.

complaints and disputes

We are committed to the protection of your privacy and personal information. The Privacy Act gives you the right to make a complaint if you believe that we have not complied with our obligations under the Privacy Act or the CR Code. Complaints you may have about your personal information can be lodged with the person you have been dealing with, a local branch, or by using our contact details in this policy.

Our Privacy Officer deals with privacy complaints and will attempt to resolve any complaint within 30 days of receiving the complaint. If resolution is not possible within this timeframe or in the event we need more time to investigate and resolve your complaint, we will contact you to discuss the matter further.

We will attempt to confirm with you, as appropriate and necessary, your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will inform you whether we will conduct an investigation, the name, title and contact details of the investigating officer and the estimated completion date for the investigation process.

After we have completed our enquiries, we will contact you, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view.

Please note that, where your complaint relates to your credit information, we may consult with a credit reporting body or other credit provider in order to investigate and resolve your complaint. Depending on the type of complaint, it may also be necessary for us to consult with other third parties.

You also have the right under the Privacy Act to make a complaint to the Office of the Australian Information Commissioner. Their details are:

Post: GPO Box 5218 Sydney NSW 2001

Phone: 1300 363 992

Email address: [email protected]

Where your complaint relates to the correction of your credit-related information and the resolution of your complaint requires us to correct your information, we will inform each other credit provider and credit reporting body that we have previously disclosed your information to that entity, and that you have made a correction complaint in relation to that information and that we have corrected your information as a result of the outcome of that complaint. However, if it is impracticable or illegal for us to do so, then we are not required by law to give this notification.

changes to this policy

This policy may be changed without notice from time to time, so you should refer to it regularly. Please see the beginning of this policy to determine the date of the last revision. By continuing to use the Website after the policy has been varied, you will be deemed to have agreed to be bound by the variation.

copies of this policy

You can ask us to provide you with a copy of this policy, including a hard copy, by contacting us using the contact details above.