- Provider has adopted this Policy in accordance with Australian privacy law.
- This Policy outlines how Provider deals with Personal Information, which it collects in conjunction with the Services.
- Provider may also collect information about Individuals who do not use the Services.
- Capitalised words in this Policy are defined terms. Defined terms are explained at the end of this Policy.
Organisations using the services
Provider provides the Services to Organisations, which use them to automate their workflow. Both Provider and the Organisations may collect Personal Information about Individuals, including when:
- Individuals register for or access a website provided by the Organisation with the Services;
- Organisations collect information directly from Individuals and store that data in the Services;
- Organisations give Provider access to their files containing Personal Information; and
- Organisations enter or process information (such as notes or files) about Individuals using the Services.
Types of Information that Provider collects and holds
Using processes described in this Policy, Provider collects the following categories of Personal Information about Individuals:
- (Content) whatever Personal Information is included in content Organisations enter using Provider’s Services;
- (Identity Information) name, signature, date of birth, nationality, license & registration details, bank account details and other financial details, credit information, family details, employment details, educational qualifications, usernames;
- (Contact Information) email address, social media profiles, telephone & fax number, third-party usernames, residential, Provider and postal addresses;
- (Behaviour Information) habits, movements, trends, decisions, associations, memberships, finances, purchases, loans;
- (Internet Data) webpage views, IP address, referring web site addresses, location, browser type, operating system, domain name, access times and other data typically collected by analytics services like Google Analytics.
How Provider stores Personal Information
Provider holds and stores Personal Information using:
- (Storage Services) third party data storage services, including applications and software; and
- (Provider Devices) devices operated by employees of Provider’s business.
Provider will take reasonable precautions to protect Personal Information from unauthorised access. This includes measures to secure the Provider’s physical facilities and electronic networks.
Provider secures Personal Information that Provider collects with Microsoft Dynamics security services, credentials, passwords, pins, encryption, session expiry, firewalls, SSL network encryption, and through the use of reputable vendors.
For more information on security, please contact Provider using the details in the “contacting us” below.
Provider deletes Personal Information when users close their account with us.
Why data is held, used and disclosed
Provider’s handling of Personal Information includes holding, using and sometimes sharing the Personal Information so that Provider can:
- provide functionality within the Services;
- provide functionality to Organisations;
- provide notifications and support;
- offer marketing and promotions, competitions, surveys and questionnaires;
- transact with Individuals and process payments;
- assess and improve the Services;
- provide secure access to the Services.
For more information on when Provider shares Personal Information, see below.
Handling of data
Some collection, holding, use and disclosure of information happens simply by virtue of Organisations using the Services.
The purpose of the Service is to allow Organisations enter, manage and communicate information, including the Personal Information of Individuals, relating to real estate loan tracking and financing.
The Service’s purpose is also to allow Organisations to analyse data that accumulates through the use of the Service.
Disclosing Personal Information
Provider shares Personal Information with others in the following ways:
- storing details about Individuals in their pages on Provider’s Service;
- facilitating the sharing of information about sales, inquiries and payments; and
- in the course of managing Organisations’ workflow stream.
Service providers can access personal information
When Provider uses the services of companies that Provider works with to provide the Services, they may get access to the Provider’s data, including Personal Information. Such third party services may include:
- (Hosting) Cloud and web hosting service providers;
- (SaaS) providers of software as a service;
- (Support) providers of IT support services, web and software development;
- (Data analytics) Google Analytics (see https://www.google.com/intl/en/policies/privacy/);
- (Online payment) providers of online payment systems; and
- (Apple device functionality providers) Apple location services, Siri dictation, Apple Maps, Apple Notifications (see https://www.apple.com/au/privacy/).
Provider will only share Personal Information with these third parties to the extent reasonably necessary to perform their functions.
These third parties may have their own privacy and security policies. For more information about this, please contact Provider using the details listed in the “contacting us” section below.
For information on disclosures to overseas recipients, see below.
Disclosing information overseas
The Provider may store or process some Personal Information overseas. Individuals may not have the same rights relating to their information when it is overseas as they would under Australian privacy law.
Individuals consent to such transfer, Provider will not be accountable for overseas recipients’ handling of their Personal Information.
Organisations may edit content and account details within the Services.
Individuals can also contact the Provider using the details below if they want to access, correct or delete Personal Information or lodge a complaint.
Provider reserves the right to refuse access or correction where there are reasonable grounds for doing so, for example if providing access would be unlawful or would compromise the privacy of another person.
If Individuals have a complaint about privacy, they can contact Provider using the details listed above.
Provider will respond to complaints in writing within a reasonable period (usually 10 business days from the day Provider receives an email).
Provider will try to work with Individuals to resolve complaints entirely within 30 business days, although that period may be longer if it is reasonable to take longer given the nature of the complaint.
If Individuals are unsatisfied with our response, they may refer the complaint to the Office of the Australian Information Commissioner (https://www.oaic.gov.au/).
means a natural person.
means third party Organisations using the Services including mortgage broker(s) and brokerage firms.
means information about an Individual whose identity is apparent, or can reasonably be ascertained, from that information. This includes information like names, telephone numbers, email addresses and physical addresses.
means this document, drafted in accordance with the Privacy Act 1988 (Cth)
means Mortgage Brokers Software Pty Ltd.
means the mortgage broking software provided by Provider known as “BrokerEngine”.