Privacy Policy
NextGen.Net Pty Ltd ABN 56 062 989 753 (“NextGen”, “we”, “us” or “our”) respects your personal information. This policy explains how we collect, use, hold and share your personal information, in compliance with our obligations under the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Privacy Act) and the Privacy Regulation 2013.
NextGen is a technology provider to the mortgage lending industry which was founded and is based in Australia. We provide technology to mortgage brokers and lenders, including banks (“Customers”), to enable the electronic collection and processing of loan applications.
You may have been referred to this privacy policy from a variety of websites and services that we provide. This privacy policy applies to any site or service that makes such a referral.
We appreciate your use of our website, applications, software, products and services (collectively the “Services”). By using our Services, you agree to the Terms of this Privacy Policy.
Some of our related bodies corporate provide specific services and products which have particular legal requirements. They may therefore have separate, yet broadly consistent, privacy policies in place. For example, before setting up a Frollo account or receiving any services from Frollo Australia Pty Ltd, you should read its Privacy Policy to understand how it treats your personal information, including your financial data: www.frollo.com.au/privacy-policy.
We may make changes to this policy from time to time. Please visit our website regularly to ensure you are up-to-date on any changes.
What is personal information
For the purposes of this policy, personal information is any information or opinion about an individual that we collect or hold, which is capable of identifying an individual.
Collection and use of personal information
Our collection and use of personal information is governed by the Privacy Act.
We collect personal information which is necessary to enable us to provide the Services and carry out our business activities in support of those Services, in a number of ways. For example, we may collect your information when you register for our Services, contact us or use our website.
What information do we collect and hold
Details regarding the types of personal information collected, how it is collected and held, and the purposes for which is it is collected, held and used are set out below:
Authorised users
If you are authorised by one of our Customers to access a Service we provide to them or where we license our software directly to you via an end user licence agreement, it will be necessary to collect and hold personal information from you through our Software for the purpose of providing that Service, such as setting up account login details. Such personal information is limited to necessary information, for example, identification information such as your name, contact number or postal or email address.
Employees or potential employees
If you are employed by NextGen, or are seeking employment with us, we may collect and hold personal information about you in connection with your employment. This information may include your name, date of birth, contact information, and any other information you provide; or provided on your behalf, as part of our induction and compliance processes, including work history and details of background checks.
This information will only be used for the purposes of our recruitment process; and, if successful, managing your employment. We may from time to time need to collect sensitive personal information from you. This may include, for instance, information about your professional affiliations or memberships. We will only collect such information with your prior express consent, and only where that information is reasonably necessary.
Although we will endeavour to collect personal information directly from you, there may be occasions when we obtain personal information about you from other sources including third parties, such as personnel recruiters, where it is unreasonable or impracticable to collect the personal information directly from you. If we are unable to notify you prior to the collection of your personal data from a third party, we will always take reasonable steps to inform you as soon as practicable after the collection.
The Privacy Act provides a number of exemptions for conduct undertaken with respect to employee records. We may from time to time make use of such exemptions, where we determine it is warranted to do so.
Loan applicants
If you are applying for a loan from one of our Customers, or are a party to an application for a loan from one of our Customers (such as a guarantor), we may process, disclose and store your personal information on behalf of our Customer, for the purpose of submitting, assessing and otherwise processing your loan application. This information is collected by our Customers, who will provide the requisite details in relation to the collection, and electronically transmitted to our system.
Service management, improvement and reporting
In order to report on our provision of services to our Customers, we may utilise information collected to report to those Customers, or for our own management purposes. For example, we may report the number of users of a service or transactions we manage for a Customer. Such reporting will never include personally identifiable information. We may also analyse and use aggregate or otherwise de-identified information to operate, protect, improve and optimise our services; measure or predict service levels; conduct research; understand how we can improve the quality of loan application data collected; and to improve user experience over time.
Facebook users
If you request us to use your Facebook login to authenticate any of our services (such as our app), we will collect and hold your email and name. Our application retrieves this information through Facebook’s Graph URL and stores it in a secure database managed by NextGen. This information is used for the sole purpose of creating a user record in our application and populating the user’s name and email in their profile.
You may request us to remove your Facebook data at any time by emailing: [email protected].
We will remove any such data promptly, however, if we remove your Facebook data, you will no longer be able to authenticate using your Facebook login to our services.
Technical information
Our sites and services log activity and maintain audit trails of usage. We use this information for a variety of purposes including for detection and prevention of fraud or other malicious activities. We may disclose this information to third parties, but only where we are satisfied that the third party has a legitimate interest in this information, for example, law enforcement officials or the owner of confidential information accessed by you, and only where such disclosure is permitted under the Privacy Act.
In order to better understand how our Customers use our services, we collect and analyse aggregate and other information about our site users and transactions. This includes such things as what time of day people visit the site, what browser they use and what pages they visit. No personal or other information which may be used to identify you is included in this analysis. We may disclose certain aggregate information such as page view statistics to other parties such as our Customers. No personal or other information which may be used to identify you is included in this disclosure.
Our sites and Services use ‘cookies’. A cookie is a small piece of information stored on your computer which is sent to the site each time you request a page. Cookies help us deliver a more functional and intelligent site to you. No username, password or personal information is ever stored in a cookie. If your browser does not accept cookies, you will not be able to use our sites and Services.
Any links to third party websites are provided solely as a convenience to you. If you use these links you will leave our website. We are not responsible for any of these sites, their content or their usage of your personal information.
Customer and user management
We may collect and use personal information in order to manage customer and user relationships, respond to complaints or manage enquiries relating to the Services.
To comply with our legal obligations
We may also collect and use personal information to comply with our legal obligations, our record-keeping requirements, to resolve any disputes that we have with any of our Customers or Users, or to enforce our agreements with third parties.
Other reasonable uses
Finally, we may collect and use personal information for a purpose related to a primary purpose of collection (or in the case of sensitive information, directly related to the primary purpose) and where you would reasonably expect that we would use the information in such a way, in accordance with applicable laws.
Disclosure of personal information
We may disclose your personal information for the purposes for which it is collected and as described in this policy to:
- Employees, contractors and related bodies corporate;
- Third parties who supply us with services and specific third parties authorised by you to receive information from us;
- Other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
Your acceptance of our Services will be deemed as giving consent to the disclosures contained in this policy.
Data security and storage
The security of your personal information is very important to us and we will take reasonable steps to protect the personal data that we hold from misuse, interference, loss or unauthorised access, alteration or disclosure. Where a third party has access to or processes your personal information, they will be contractually obliged to protect and process it in a way that complies with this policy.
Subject to the remainder of this policy, we will destroy or de-identify any personal information that we hold that we no longer have any use for, other than information that we are required by law or contractual obligation to preserve for a defined retention period.
You are reminded that the internet is an unsecured means of transfer and any personal data you transmit to us by this method is at your own risk. Despite this, we will do our best to protect your personal data, including following our robust internal policies and procedures once we receive it.
Cross border disclosure
All of our data is stored on servers located in Australia and the majority of personal information in this data is not transmitted outside of Australia. However, in some circumstances, including in relation to applicants for employment with us, we do share some personal information with organisations located outside of Australia. Such recipients are likely to be located in the United States of America, the United Kingdom or countries within the European Union.
Prior to disclosing your personal information to an overseas recipient, we will take reasonable steps to ensure that the overseas entity does not breach the Australian Privacy Principles; or is subject to a substantially similar privacy law or binding scheme, or that you have consented to the disclosure prior to the disclosure being made.
Access to your personal information
You can request access to personal information that we hold about you. Such requests should be directed to our Privacy Officer and we will respond within a reasonable period after the request is received. A reasonable fee might be charged dependent on the nature of your request. Our Privacy Officer will be able to discuss this with you (see below for our Privacy Officer’s contact details).
We may require you to complete a written application and verify your identity. If your request for information is complex you will need to specify the information that you wish to access in some detail.
You should also anticipate that it may take some time to process your application for access as there may be a need to retrieve information from storage and review information in order to determine what information may be provided.
Under certain circumstances, we may refuse to provide you with access to all of your personal information, and in those circumstances we will provide you with a written notice containing our reasons for the refusal, how you may complain if you disagree with the basis for our refusal, and any other matters required by law.
Correction of your personal information
You can request correction of the personal information that we hold about you, if you think it is inaccurate. Such requests should be directed to our Privacy Officer and we will respond within a reasonable period after the request is made (see below for our Privacy Officer’s contact details).
We may require you to complete a written application and verify your identity. You will not be charged a fee in relation to requests to correct your personal information.
If we correct your personal information, we will take reasonable steps to notify any third parties it has previously been disclosed to, unless it is impracticable or unlawful to do so.
Under certain circumstances, we may refuse to correct your personal information, and in those circumstances we will provide you with a written notice containing our reasons for the refusal, how you may complain if you disagree with the basis for our refusal, and any other matters required by law.
Privacy Officer
If you have any questions regarding this policy, need to update or access your personal data, or believe there has been a breach of your privacy and you would like to make a complaint, please contact our Privacy Officer:
Email: [email protected]
Mail: PO Box 1993, North Sydney NSW 2059
Please include the following information when contacting us:
- Your full name
- Your company name (if applicable)
- Your contact details
- Your preferred contact method of contact (phone or email or letter)
- Details of your request, question or complaint.
Complaints
If you have a concern or are dissatisfied with how we have handled your personal information, please contact our Privacy Officer in writing. Once your complaint is received, we will acknowledge receipt of the complaint within five (5) business days of being received. We will then follow our ‘Internal Dispute Resolution Policy & Procedure’ to ensure your complaint is dealt with promptly, fairly and consistently. We will endeavour to resolve all complaints within 30 working days. If due to the nature of your complaint it cannot be resolved during this timeframe, we will inform you of this fact and will endeavour to resolve the complaint within a reasonable timeframe with periodic updates provided to you thereafter. We will notify you in writing of the outcome of our enquiries and investigations into your complaint.
If you are dissatisfied with our response, you can contact our External Dispute Resolution (EDR) scheme, the Australian Financial Complaints Authority (AFCA):
Online: www.afca.org.au
Email: [email protected]
Phone: 1800 931 678
Mail: GPO Box 3, Melbourne VIC 3001
You may also register a complaint with the Office of the Information Commissioner (OAIC):
Online: www.oaic.gov.au/privacy
Email: [email protected]
Phone: 1300 363 992
Mail: GPO Box 5288, Sydney NSW 2001
XS
SM
MD
LG
XL
XXL