Privacy Policy

(incorporating Credit Reporting Policy)

Download PDF

1. Introduction

2Be’, ‘we’, ‘us’ and ‘our’ refer to 2Be Finance Pty Ltd (2Be).

This 2Be Privacy Policy explains:
the kinds of personal information (including credit information) that we collect and hold;
how we collect and hold personal information;
the purpose for collecting, holding, using and disclosing personal information;
how you can seek access to, and correction of, that information; and
how you can make a complaint relating to our handling of that information.

Our handling of personal information (including credit information) is governed by the Privacy Act 1988 (Cth) (Privacy Act) and the Privacy (Credit Reporting) Code (CR Code).

2. Collection of personal information

2.1 Types of information

  • Personal information is information about an individual who is identified or reasonably identifiable (for example, your name and date of birth).
  • Credit information is a type of personal information. This may include information on the amount of credit provided to you, the kind of credit provided to you, any finance that you have outstanding, and your repayment history for any credit provided by us or other credit providers.
  • Sensitive information is another type of personal information. This is information which is sensitive in nature (for example, your political opinions, philosophical beliefs, membership of a professional or trade association or union, and health information). We only collect sensitive information from you if it is necessary in the circumstances and you have consented to that collection.

2.2 What information we collect

We will collect personal information about you depending on the circumstances in which the product or service is being provided. This information may include:

  • key personal information such as name, residential and business addresses, telephone numbers, email, and other electronic addresses;
  • financial and related information, such as occupation, accounts, assets, dependents, employment, financial and business dealings, and other relevant events;
  • transaction history with relevant third parties;
  • tax file number information and other government identifiers; and
  • other relevant information – depending on the circumstances this may also include sensitive information such as health and medical information (e.g., if it is relevant to a hardship request), and membership of professional bodies.

2.3 Credit information

If we need to collect information about you in relation to credit matters, this may include:

  • information such as account numbers or customer identifier numbers;
  • credit reports from Credit Reporting Bodies (CRB);
  • credit application history with us and other credit providers, such as the type of credit applied for, the amount of credit applied for, the start and end date of relevant credit;
  • repayment history information, such as whether any payments to us or another credit provider (regardless of the capacity in which that credit was provided) are overdue;
  • credit ratings, scores, and evaluations about creditworthiness.
  • court proceedings information. This is information about a judgment of an Australian court that relates to credit that was provided to, or applied for, by you, such as whether you have been declared bankrupt or been subject to insolvency;
  • whether we have accessed your credit information previously;
  • default information about you. This is information about a payment owed by you as a borrower or guarantor in connection with consumer credit that remains overdue for more than sixty (60) days and which we can disclose to a credit reporting body if certain requirements under the Privacy Act are met;
  • payment information about you. Payment information is a statement that an overdue payment in relation to which default information was provided to a credit reporting body has been paid;
  • new arrangement information about you. This is information where you may have entered into certain types of arrangements with us in relation to consumer credit where you have been overdue in making a payment and 2Be has provided default information to a credit reporting body. New arrangement information is either that the terms and conditions of that consumer credit have been varied as a result of you being overdue or that you have been provided with new credit relating to the original amount of credit;
  • bank transaction data (BTD) from a Transaction or Credit Account, where access or consent is provided by the consumer (Scraping, Optical Character Recognition i.e., ‘OCR’, or Open Banking);
  • personal insolvency information about you. This is information recorded in the National Personal Insolvency Index and relating to bankruptcy, a debt agreement proposal, a debt agreement, a personal insolvency agreement, a direction given, or an order made, under the Bankruptcy Act that relates to property, or an authority signed under the Bankruptcy Act that relates to property;
  • superannuation, investment or other asset holdings;
  • motor vehicle registration; and
  • publicly available information about you:
  • that relates to activities in Australia or the external Territories and creditworthiness; and
  • that is not court proceedings information about you or information about you that is entered or recorded in the National Personal Insolvency Index.
  • list itIf you do not provide us with credit information, we may choose not to provide products or services.

2.4 How we will collect your personal information

Where possible, we will collect the personal information directly from you (or from someone who is representing or assisting you).

We may also collect information about you from third parties where it is unreasonable or impracticable or more efficient than to collect it directly from you. Other third parties that we may collect personal information from include:

  • agents;
  • co-applicant(s) (if any);
  • CRBs;
  • employers, accountants, referees, banks, landlords, guarantors, lawyers, financial advisers, or others with whom you have had previously dealings; or
  • any other persons authorised by you to provide information to us.

We will only collect sensitive information directly from you or relevant third parties with your consent, if the information is reasonably necessary for, or directly related to, one or more of our activities. In some circumstances permitted under the Privacy Act, for example, where authorised by a court, we will not seek your consent to collect sensitive information.  Any sensitive information that is collected will only be used for the purpose for which it is provided. 

If you give us information about a co-applicant(s), we rely on you being authorised to do so and directing them to this Privacy Policy to explain how we handle their information.

2.5 Purpose for collection of personal information

We collect personal information for the following purposes:

  • arranging and assessing an application for credit;
  • arranging a referral or credit assistance;
  • managing credit;
  • providing you or your family with the products, services or information you have requested;
  • managing our relationship with you;
  • helping to protect you and ourselves from error or fraud; and 
  • complying with our regulatory requirements, including to confirm your identity, investigate financial crime, or to share relevant information with law enforcement agencies, tax authorities and other regulatory bodies. Some of the key laws which may apply include the:
  • Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (for example, to comply with applicable customer identification procedures);
  • Personal Property Securities Act 2009 (Cth) and State and Territory property and security interests laws (for example, to search for security interests granted by you);
  • the Taxation Administration Act 1953 (Cth), the Income Tax Assessment Act 1936 (Cth) and other taxation laws (for example, to comply with information requests issued by the Commissioner of Taxation); and
  • Corporations Act 2001 (Cth) and other regulatory legislation.

3. Holding personal information

We hold personal information on secure IT systems. These IT systems are appropriately updated with passwords, virus scanning software and firewalls when needed.

Any paper records are only accessible to employees and others when and if they are needed. Any paper records are held within an office that is locked and security protected out of business hours.

We take reasonable steps to ensure any personal information which we no longer require for any lawful purpose is disposed. We will destroy personal information that is held electronically and in paper form seven years after our relationship with you ends with the exception of when required to by law. We will do this by shredding, or otherwise securely destroying, paper copies and deleting electronic records containing personal information about you or permanently de-identifying you within those records.

We will periodically update the Privacy Policy and will provide a copy of the Privacy Policy free of charge on request and in a suitable format.

4. Disclosure of personal information

4.1 Who do we disclose your personal information to?

Where permitted or required by law, or with your consent, we may disclose your personal information (including credit information) to third parties. Other third parties that we may disclose personal information to include:

  • co-applicant(s) (if any);
  • our related entities based in Australia or overseas;
  • entities that provide services to us such as mailing houses or call centre operators;
  • entities providing other services to us, including legal services, financial services, market research and data providers;
  • assignees or potential assignees, or where we act as an agent for, or otherwise on behalf of, another person, to the principal or that other person;
  • introducers, partners, or any other entity with whom we have an alliance or partnership arrangement;
  • other financial institutions or entities such as banks and credit providers;
  • identification service providers and providers of digital identity protection and fraud prevention;
  • insurers, assessors, underwriters, brokers, and other distributors;
  • government regulatory bodies in Australia and overseas;
  • if appropriate, guarantee or security providers;
  • organisations involved in debt assignment or securitisation arrangements;
  • debt collectors or other enforcement bodies;
  • entities who wish to be involved in our business, or acquire an interest in our business;
  • third parties authorised to act on behalf of you or that are otherwise connected with you (such as accountant, legal representative, referee, or an access seeker acting on your behalf to obtain your credit report); and
  • law enforcement agencies.

4.2 Cross-border disclosure of personal information

2Be may disclose personal information overseas, for example if required to complete a transaction, to provide you with products or services, or where we outsource a function to an overseas provider.

4.3 Disclosing credit information to a Credit Reporting Body (CRB)

We may disclose credit information to CRBs where it is permitted by the Privacy Act. For example, we may report information to a CRB when you:

  • default on your obligations; or
  • commit a serious infringement (e.g. fraudulent behaviour or deliberately seek to evade your obligations).

With the introduction of comprehensive credit reporting, credit reports could report both positive and negative credit information on your credit history.
CRBs may include the information we provide to them in their reports in order for them to conduct an assessment of creditworthiness.

The CRBs to whom we may disclose information include:

  • Illion Pty Ltd or its related bodies corporate

    Postal address: Illion Public Access Centre,
PO Box 7405,
    St Kilda Road, Melbourne, VIC 3004
  • Equifax Australia Information Services and Solutions Pty Ltd or its related bodies corporate

    Postal address: GPO Box 964, North Sydney, NSW 2059
  • Experian Australia Credit Services Pty Ltd or its related bodies corporate

    Postal address: GPO Box 1969, North Sydney, NSW 2060

These CRBs are each required to have a policy that explains how they will manage your credit information. If you would like to read the policies of these CRBs, please visit their websites and follow the “Privacy” links, or you can contact them directly for further information.

5. Direct marketing

We may use and disclose your personal information for marketing purposes. We will notify you at the time of collecting your personal information that your personal information may be used by us and any associated businesses for the purposes of direct marketing.

In direct marketing communications, we will provide a statement about how you can elect not to receive direct marketing. If the direct marketing communication is an email, we will provide an ‘unsubscribe’ function within the email. We do not apply a fee to unsubscribe from direct marketing communications.

We may also ask a CRB to use information it holds to identify individuals that are eligible for our products and services. You have the right to request that the CRBs do not use your information for this purpose. To opt out, contact the CRB using the contact details on their websites noted above.

6. Updating your personal information

We rely on information provided by you to ensure that personal information is accurate, up-to-date, and complete. If you wish to make any changes to your personal information, you may contact us using the details below. 

If we become aware that your personal information is inaccurate, out-of-date, or incomplete, such as when mail is returned, we will verify and update relevant systems accordingly.

7. Access and correction of personal information

We take reasonable steps to ensure that all information we collect, hold, use or disclose about you is accurate, complete, up-to-date and not irrelevant or misleading.

You may request access to, or correction of, any personal information (including credit information) that we hold about you at any time (subject to certain exceptions allowed by law). 

You can request access to, or correction of, your personal information (including credit information) by contacting us using the details below.

We will verify your identity prior to disclosing any personal information. When we receive a request for access or correction, we will usually respond to you with 7 days (in some circumstances it may take longer to respond to your request, for example, if you are requesting a large amount of information). 

There are circumstances where we are entitled to refuse your request. We will not give access to the personal information that we hold about you where it is unreasonable or impracticable to provide access, or in circumstances where the request would likely:

  • pose a serious threat to the life, health, or safety of you or any individual, or to public health or public safety;
  • risk the privacy of other individuals;
  • be frivolous or distressing;
  • relate to anticipated legal proceedings, and the correct method of access to personal information is by the process of discovery in those legal proceedings;
  • reveal the intentions of the entity in relation to negotiations with you in such a way as to prejudice those negotiations;
  • be unlawful or in breach of an Australian law;
  • prejudice the taking of appropriate action in relation to a matter where unlawful activity or misconduct has arisen that relates to our functions or activities;
  • prejudice enforcement related activities of an enforcement body (such as ASIC); or
  • reveal commercially sensitive information.

If your request is refused for any reason, we will provide written reasons setting out why we do not believe we need to provide access. We will also advise you that you can access our Internal Dispute Resolution (IDR) and External Dispute Resolution (EDR) schemes if you are dissatisfied with a decision not to provide access to personal information. You may also request us to associate a statement with that information to the effect that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading so that it is apparent to users of the information.

8. Changes we can make to this Privacy Policy

We may make changes to this Privacy Policy from time to time to take into account changes to our standard practices and procedures or where necessary to comply with new laws and regulations. The latest version of this Privacy Policy will always be available on our website. The updated version will apply from the date stated at the end of the Privacy Policy.

9. Questions or Concerns

If you believe that we have not complied with our obligations under the Privacy Act, including obligations relating to credit information under Part IIIA of the Privacy Act and the CR Code, or you would like to discuss any issues about our Privacy Policy or raise any specific or general concerns, please contact the Privacy Officer in writing.

The contact details are as follows:
Address: Level 11, 10 Carrington Street Sydney NSW 2000

We will acknowledge your concern or complaint within 10 days of receipt and provide you with written notice of any action we take in respect of your concern or complaint within 30 days.

If you are not satisfied with the way we have handled your concern or complaint, or would like more information about privacy in general, you can visit the Office of the Australia Information Commissioner’s website at:

                                10. Consent

                                You consent to us:

                                • collecting, using and disclosing personal and credit information about you in accordance with our Privacy Policy;
                                • obtaining credit information about you from a credit reporting agency;
                                • disclosing your personal information to entities located outside Australia, acknowledging that by providing this consent 2Be is not required to take reasonable steps to ensure that an overseas recipient does not breach the Australian Privacy Principles and 2Be may not be liable under the Privacy Act if the recipient does not act consistently with the Australian Privacy Principles; and
                                • disclosing your personal and credit information to another credit provider for the purpose of assessing your application for credit or for any other purpose permitted by the Privacy Act.

                                Date updated: 22 February 2022

                                Share this!