NextGen Logo NextGen Logo
HomePrivacy Policy

Privacy Policy

Effective Date: 18 August 2025

NextGen.Net Pty Ltd ABN 56 062 989 753 (“NextGen”, “we”, “us” or “our”) respects your personal information. This policy explains how we collect, use, hold and share your personal information, in compliance with our obligations under the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and the Privacy Regulation 2013.

NextGen is a technology provider to the mortgage lending industry which was founded and is based in Australia. We provide technology to mortgage brokers and lenders, including banks (“Customers”), to enable the electronic collection and processing of loan applications.

We appreciate your use of our website, applications, software, products and services (collectively the “Services”). By using the Services, you agree to the terms of this Privacy Policy.

This Privacy Policy applies to all personal information we handle in connection with our business activities, including:

  • the provision of our technology services to Customers;
  • the provision of identity verification and validation services, including the NextGenID service;
  • management of our website, applications, software, products and services; and
  • our recruitment and employment activities, including where we use AI-enabled tools provided by third-party vendors.

We may make changes to this policy from time to time. Please visit our website regularly to ensure you are up to date on any changes.

What is personal information

For the purposes of this policy, personal information is any information or opinion about an individual that we collect, use or hold, which is capable of identifying an individual.

Collection and use of personal information

We collect personal information which is necessary to provide our Services and carry out related business activities. This may occur when you register for our Services, contact us, use our website, apply for a role, or participate in identity verification and validation.

What information do we collect and hold

Authorised users

If you are authorised by one of our Customers to access a Service we provide to them, or where we license our software directly to you, we may collect necessary identification and contact details to set up your account.

Employees or potential employees

If you apply for a role with us or are employed by us, we may collect personal and sensitive information to manage recruitment and employment. This information may include your name, date of birth, contact information, and any other information you provide, or is provided on your behalf, as part of our induction and compliance processes, including work history and details of background checks.

The Privacy Act provides a number of exemptions for conduct undertaken with respect to employee records. We may from time to time make use of such exemptions, where we determine it is warranted to do so.

AI-enabled recruitment services

We may use recruitment software provided by our service provider(s) to manage job applications, which may include tools that incorporate artificial intelligence supplied by one or more AI providers. These tools may assist with recruitment tasks such as summarising résumés, drafting interview questions and communications, assessing skills, and transcribing interview recordings. The personal information processed in this way may include your résumé text, responses to application questions, and interview transcripts. These AI tools are used to generate suggestions or summaries to support our recruitment team, and all final decisions about your application are made by our human recruitment staff.

Some of these service providers (including AI tool providers) may be located outside Australia. Where we disclose your personal information to these providers, we will comply with the requirements of APP 8 (cross-border disclosure) as described in this policy.

We will store your personal information only as long as necessary for the process, or for up to 12 months if you opt in to be considered for future roles. At the end of these periods, your personal information will be securely destroyed or de-identified.

Loan applicants

If you are applying for a loan from or through one of our Customers, or are a party to such an application (for example, as a guarantor), we may collect, process, disclose, and store your personal information on behalf of that Customer for the purposes of submitting, assessing, and otherwise processing the loan application. This information is collected by our Customers, who will provide you with the required details regarding its collection, and is then transmitted electronically to our system.

NextGenID

Part of our Services provided to Customers (which may include your mortgage broker or lenders) (“Requesting Entities”) involves verification of individuals’ identity as part of a loan application. Identity verification and validation is provided under our NextGenID service. 

This identity verification and validation service involves use of the Australian Government’s Document Verification Service (DVS), which is operated by the Commonwealth of Australia and enables checking of identity information against official records held by government agencies.

As part of that service, we act as a Gateway Service Provider under the DVS.

When you use NextGenID, we collect from you:

  • Images of your face and identity documents; and
  • Your location to verify the authenticity of your documents

We will use this information to:

  • Conduct identity verification and validation for your Requesting Entity;
  • Facilitate an Information Match Request, which checks some of your details (not including your biometrics) with the relevant document issuer or official record holder through the DVS; and
  • Share the outcome of your identity verification and validation with your Requesting Entity as part of your loan application.

We will only collect and process biometrics with your explicit consent. Your biometrics will be used solely for identity verification and fraud prevention, and will not be shared with document issuers or official record holders.

The DVS does not store the information it checks. Once the match is performed, your personal information is not retained by the DVS

We may also disclose certain of your personal information to our trusted service providers (bound by contract to comply with the Privacy Act) and government agencies, regulators, or law enforcement as required or authorised by law.

We store this information securely and retain it only for as long as necessary to complete verification, or longer where required by law or for audit, dispute resolution, or fraud prevention. 

Service management, improvement and reporting

In order to report on our provision of Services to our Customers, we may utilise information collected to report to those Customers, or for our own management purposes. For example, we may report the number of users of a Service or transactions we manage for a Customer. Such reporting will never include personally identifiable information. We may also analyse and use aggregate or otherwise de-identified information to operate, protect, improve and optimise our services; measure or predict service levels; conduct research; understand how we can improve the quality of loan application data collected; and to improve user experience over time.

Facebook users

If you request us to use your Facebook login to authenticate any of our services (such as our app), we will collect and hold your email and name. Our application retrieves this information through Facebook’s Graph URL and stores it in a secure database managed by NextGen. This information is used for the sole purpose of creating a user record in our application and populating the user’s name and email in their profile.

You may request us to remove your Facebook data at any time by emailing: [email protected]

We will remove any such data promptly, however, if we remove your Facebook data, you will no longer be able to authenticate using your Facebook login to our services.

Technical information

Our sites and services log activity and maintain audit trails of usage. We use this information for a variety of purposes including for detection and prevention of fraud or other malicious activities. We may disclose this information to third parties, but only where we are satisfied that the third party has a legitimate interest in this information, for example, law enforcement officials or the owner of confidential information accessed by you, and only where such disclosure is permitted under the Privacy Act.

In order to better understand how our Customers use our services, we collect and analyse aggregate and other information about our site users and transactions. This includes such things as what time of day people visit the site, what browser they use and what pages they visit. No personal or other information which may be used to identify you is included in this analysis. We may disclose certain aggregate information such as page view statistics to other parties such as our Customers. No personal or other information which may be used to identify you is included in this disclosure.

Our sites and Services use ‘cookies’. A cookie is a small piece of information stored on your computer which is sent to the site each time you request a page. Cookies help us deliver a more functional and intelligent site to you. No username, password or personal information is ever stored in a cookie. If your browser does not accept cookies, you will not be able to use our sites and Services.

Any links to third party websites are provided solely as a convenience to you. If you use these links you will leave our website. We are not responsible for any of these sites, their content or their usage of your personal information.

Customer and user management

We may collect and use personal information in order to manage customer and user relationships, respond to complaints or manage enquiries relating to the Services.

To comply with our legal obligations

We may also collect and use personal information to comply with our legal obligations, our record-keeping requirements, to resolve any disputes that we have with any of our Customers or Users, or to enforce our agreements with third parties.

Other reasonable uses and disclosures

We may use or disclose your personal information for a secondary purpose in accordance with the Australian Privacy Principles, including:

  • For non-sensitive information, where the secondary purpose is related to the primary purpose of collection, and you would reasonably expect such use or disclosure; or
  • For sensitive information, where the secondary purpose is directly related to the primary purpose of collection, and you would reasonably expect such use or disclosure.

These are the conditions in APP 6.2(a).

Separately, we may also use or disclose your personal information where another exception under APP 6 applies, such as where the use or disclosure is required or authorised by or under an Australian law or a court/tribunal order (APP 6.2(b)), or in permitted general situations or permitted health situations (APP 6.2(c)–(e)).

Disclosure of personal information

We may disclose your personal information for the purposes for which it is collected and as described in this policy to:

  • Employees, contractors and related bodies corporate;
  • Third parties who supply us with services and specific third parties authorised by you to receive information from us. This may include service providers engaged in our recruitment processes which may process your personal information using AI-enabled tools as described further above. These service providers may be located outside Australia;
  • Other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

We will only disclose your personal information as described in this policy where we are permitted or required to do so by law, or where you have provided your consent. In circumstances where consent is required, we will seek your express agreement before making the disclosure.

Data security and storage

The security of your personal information is very important to us and we will take reasonable steps to protect the personal data that we hold from misuse, interference, loss or unauthorised access, alteration or disclosure. Where a third party has access to or processes your personal information, they will be contractually obliged to protect and process it in a way that complies with this policy.

Subject to the remainder of this policy, we will destroy or de-identify any personal information that we hold that we no longer have any use for, other than information that we are required by law or contractual obligation to preserve for a defined retention period.

You are reminded that the internet is an unsecured means of transfer and any personal data you transmit to us by this method is at your own risk. Despite this, we will do our best to protect your personal data, including following our robust internal policies and procedures once we receive it.

Cross-border disclosure

While most personal information is stored in Australia, we may disclose information to recipients overseas, including in the United States, the United Kingdom, and EU countries.

Where APP 8.1 applies, we will take reasonable steps to ensure that any overseas recipient does not breach the Australian Privacy Principles in relation to the information.

Where we rely on express consent under APP 8.2(b), we will inform you of the consequences described above before disclosure.

Access to your personal information

You can request access to personal information that we hold about you. Such requests should be directed to our Privacy Officer and we will respond within a reasonable period after the request is received. A reasonable fee might be charged dependent on the nature of your request. Our Privacy Officer will be able to discuss this with you (see below for our Privacy Officer’s contact details).

We may require you to complete a written application and verify your identity. If your request for information is complex you will need to specify the information that you wish to access in some detail.

You should also anticipate that it may take some time to process your application for access as there may be a need to retrieve information from storage and review information in order to determine what information may be provided.

Under certain circumstances, we may refuse to provide you with access to all of your personal information, and in those circumstances we will provide you with a written notice containing our reasons for the refusal, how you may complain if you disagree with the basis for our refusal, and any other matters required by law.

Correction of your personal information

You can request correction of the personal information that we hold about you, if you think it is inaccurate. Such requests should be directed to our Privacy Officer and we will respond within a reasonable period after the request is made (see below for our Privacy Officer’s contact details).

We may require you to complete a written application and verify your identity. You will not be charged a fee in relation to requests to correct your personal information.

If we correct your personal information, we will take reasonable steps to notify any third parties it has previously been disclosed to, unless it is impracticable or unlawful to do so.

Under certain circumstances, we may refuse to correct your personal information, and in those circumstances we will provide you with a written notice containing our reasons for the refusal, how you may complain if you disagree with the basis for our refusal, and any other matters required by law.

Privacy Officer

If you have any questions regarding this policy, need to update or access your personal data, or believe there has been a breach of your privacy and you would like to make a complaint, please contact our Privacy Officer:

Email: [email protected]

Mail: PO Box 1993, North Sydney NSW 2059

Please include the following information when contacting us:

  • Your full name
  • Your company name (if applicable)
  • Your contact details
  • Your preferred contact method of contact (phone or email or letter)
  • Details of your request, question or complaint.

Complaints

If you have a concern or are dissatisfied with how we have handled your personal information, please contact our Privacy Officer in writing. Once your complaint is received, we will acknowledge receipt of the complaint within five (5) business days of being received. We will then follow our ‘Internal Dispute Resolution Policy & Procedure’ to ensure your complaint is dealt with promptly, fairly and consistently. We will endeavour to resolve all complaints within 30 working days. If due to the nature of your complaint it cannot be resolved during this timeframe, we will inform you of this fact and will endeavour to resolve the complaint within a reasonable timeframe with periodic updates provided to you thereafter. We will notify you in writing of the outcome of our enquiries and investigations into your complaint.

If you are dissatisfied with our response, you can contact our External Dispute Resolution (EDR) scheme, the Australian Financial Complaints Authority (AFCA):

Online: www.afca.org.au

Email: [email protected]

Phone: 1800 931 678

Mail: GPO Box 3, Melbourne VIC 3001

You may also register a complaint with the Office of the Information Commissioner (OAIC):

Online: www.oaic.gov.au/privacy

Email: [email protected]

Phone: 1300 363 992

Mail: GPO Box 5288, Sydney NSW 2001