Privacy Policy  

Version 2. Effective September 2019  

1. Our commitment to your privacy  

Metal Manufactures Pty Limited (“MMPL”, “Group”, “we”, “us” or “our”) respects your  privacy. MMPL takes its privacy obligations very seriously and wishes to ensure you  that your personal information is dealt with in accordance with the Privacy Act 1988 (as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012)  (Cth) (“Privacy Act”), the Australian Privacy Principles set out in the Privacy Act  (“APP’s”) and this privacy policy.  

This policy documents how we manage personal information, and is intended to  enhance the transparency of our company’s operations, by notifying you of your rights  and our obligations and provide information regarding:  

1. the kinds of personal information which we will collect and hold; 

 2. how we will collect, hold, use and disclose personal information;  

3. the purpose for which we collect, hold, use and disclose personal information;  

4. how you may access personal information that is held by us and seek correction  of such information;  

5. how you may complain about a breach of the APP’s or registered APP code (if  any) that binds us and how we will deal with such a complaint; and  

6. whether we are likely to disclose personal information to overseas recipients.  

This policy also includes our policy on the handling of credit reports and other credit related information.  

We update our privacy policy periodically and encourage you to check our website  regularly for any updates. A hardcopy of our privacy policy is also available upon  request.  

2. Our company  

MMPL is a company which carries on businesses in Australia under various trading  names.  

Some of our Australian business units and subsidiaries have separate policies that are  consistent with our Group policy. If you are a customer of these business units or  subsidiaries, please refer to their respective policies.  

3. Acknowledgements  

 We acknowledge that we must take reasonable steps when handling personal   information, and we will endeavour to follow this policy on each occasion, and   have taken reasonable steps to comply with the APP’s and the Act, some examples   are noted below. 

1. Implementation of this privacy policy.  

2. Staff training and education (including internal procedures for our staff).  

3. Clear and transparent procedures regarding handling of complaints and   disclosure of information.  

4. How we will collect and hold your personal information  Personal information  

For the purposes of the Act and this policy, “personal information” means information  or an opinion (including information or an opinion forming part of a database), whether  true or not, and whether recorded in a material form or not, about an individual whose  identity is apparent, or can reasonably be ascertained, from the information or opinion.  

Whenever it is reasonable and practicable to do so, we collect personal information  about you directly from you. In some cases, your personal information may be provided  to us by third parties such as business associates or agents. If you are asked to provide  information about others it is your responsibility to ensure that you have their consent  or are otherwise entitled to provide this information to us.  

We may also collect personal information that we request from you regarding your use  of our services or that we collect automatically from your visits to our websites.  

It is your responsibility to provide us with current and accurate personal information so  that we can provide our services to you.  

Some examples of personal information that we might collect include:  

1. your legal name;  

2. your business and trading names;  

3. the name and title of the individual who represents your organisation or access  our websites on your behalf;  

4. the email address of that individual and the organisation;  

5. the website address and the domain type of your organisation;  

6. the telephone numbers, facsimile, postal and street addresses of the  organisation information disclosed about your organisation in the enquiry or  message submitted, including information we might be able to infer from the  context such as sectoral, employment, turnover, geographical, and size issues;  

7. the subject matter of the enquiry or message;  

8. your browsing history on our website; and  

9. records of your communications and other interactions with us.   

Sensitive information  

For the purposes of the Act and this policy, “sensitive information” means a type of  personal information which includes information about an individual’s racial or ethnic  origin; health information; political opinions; membership of a political, professional or  trade association or trade union; religious beliefs or affiliations; philosophical beliefs;  sexual orientation or practices; and criminal record.  

MMPL will not collect sensitive information except when the individual client has  consented, it is required by law, or in other special specified circumstances, for  example relating to individual or public health or safety.  

Anonymous information  

If you or your organisation prefers, it may remain anonymous to the extent that the  name of the organisation need not be provided to us or in being provided it is marked  in a way that indicates that you prefer not to be personally identified. However, all data  necessary for contractual relations to exist in real time must be provided if we are to  be able to fully supply you with our services.  

 In circumstances where we are required to do so, or are authorised by law, a court or   tribunal to ask for your identification, we will request your personal information.  

 Further it is likely that it will be impractical for us to interact with you without some   form of identification, and therefore we may request identification details from you at   the beginning of each transaction. For example, we will not be able to open a   commercial credit trading account or process a commercial credit application for you   without obtaining identification details.  

The purposes for which we collect and hold personal information  

We will endeavour to only collect and hold personal information which is relevant to   the operation of our company.  

 Our purpose for collecting or holding personal information about you is so that it may   be used directly for our functions or activities.  

 We may use your personal information for the functions or activities of our company   to, for example:  

1. assess credit applications;  

2. review existing credit terms;  

3. assess credit worthiness;  

4. collect overdue payments;  

5. assess credit guarantees (current and prospective);  

6. internal management purposes;  

7. marketing;  

8. sales; and 

9. business development purposes and direct marketing.  

 We may also collect personal information for both the primary purposes specified   herein and purposes other than the primary purposes, including the purpose of   direct marketing.  

 We may also collect personal information from other credit providers, Credit   Reporting Bodies and any other third parties for the purposes of our functions and   activities including, but not limited to, credit, sales, marketing and administration.  


4. How we will hold your personal information  

We will take steps to hold personal information in a manner which is secure and   protected from unauthorised access.  

 Your information may be held in either a psychical form or in electronic form on our IT   system.  

 We will take steps to protect the information against the modification, disclosure or   misuse by including such things as physical restrictions, password protection for   accessing electronic IT systems.  

 We will also endeavour to ensure that our service providers have protection for   electronic IT systems and other necessary restrictions.  

 We will endeavour to ensure our staff are trained with respect to the security of the   personal information we hold and we will restrict any access where necessary.  

 We will endeavour to destroy and de-identify the personal information once it is no   longer required.  

 In the event we hold personal information that is unsolicited and we were not   permitted to collect it, the personal information will be destroyed as soon as   practicable.  

  

Meeting regulatory requirements  

 We only collect and hold personal information by lawful and fair means.  

We also collect your personal information in order to satisfy our regulatory obligations  under applicable laws and rules.  

In some circumstances, we may collect and hold personal information that has been  collected from a third-party or publicly available source. This will likely occur in  instances where:  

1. you have consented for this collection (which would usually be via our credit   application form); or  

2. you would reasonably expect us to collect your personal information in this way  and it is necessary for us to collect this information for a specific purpose.  

In certain circumstances, your information may be disclosed where required or  authorised by law, for example, to government and regulatory authorities or in  emergency situations and when assisting in lawful enforcement. 


5. Use of information  

We collect, hold and use your personal information to enable us to use your details to  contact you and to reply to any queries or requests in relation to your account and in  relation to the supply to you of our goods and services.  

We use your personal information in the administration of your account, which includes  us contacting you in order to update your account details (this assists us with keeping  our records as up to date as possible) or in order to notify you of changes or  improvements to our products or services that may affect our service to you. We may  disclose your personal information to administrators who assist in the administration of  your account from time to time.  

We use your personal information in order to supply our goods and services to you  and to meet our contractual obligations to you.  

Direct marketing  

You consent to us directly marketing our products and service offerings to you. You  may withdraw your consent and opt out at any time by making a request (by email) to  us not to receive direct marketing communications from us or any company we may  approve.  

We restrict the disclosure of an individual’s details to only those organisations and  individuals that we feel you would reasonably expect to receive direct marketing  material from. Third parties to which we provide personal information will only use it for  the purposes for which it is collected or otherwise as permitted by law.  

You consent to us providing personal information about you to:  

1. commercial companies that have genuine and relevant product or service to  inform you of, and to whom you would reasonably expect us to disclose  information as part of our service offering to you;  

2. organisations involved in distribution or administration for and on behalf of us  or related bodies corporate; and  

3. as otherwise permitted or required by law.  

 

6. Disclosure of information  

Disclosure  

 We will endeavour to only use and disclose personal information for the primary   purposes noted above in relation to the functions or activities of our company.  

Subject to our confidentiality obligations, we may disclose your personal information  with anyone that you have given us permission to, any person acting on your behalf or  a person or MMPL partner who may have introduced you to us.  

We may disclose your personal information to third parties to assist us in providing our  services. Your information will be disclosed to third parties on a confidential basis and  only if that disclosure is necessary to provide you with our services. 

We may use and disclose your personal information for other purposes than you have  consented to.  

Disclosure to Credit Reporting Bodies (“CRB’s”)  

We may disclose personal information to a CRB in accordance with the permitted  disclosures as defined under the Act.  

We may disclose your Credit Information to a number of CRB’s, some of these are   listed below.  

  

  • Veda Advantage  
    Level 15, 100 Arthur Street  NORTH SYDNEY NSW 2060  Tel: 1300 921 621  
     
  • NCI  
    Level 2, 165 Grenfell St  ADELAIDE SA 5000  Tel: 1800 882 820  
     
  • Illion  
    Level 2, 143 Coronation Drive  MILTON QLD 4064  
    Tel: 07 3360 0600 
     
  • Creditor Watch  
    Level 13, 109 Pitt Street  SYDNEY NSW 2000  Tel: 1300 501 312  
     
  • Experian  
    Level 6, 549 St Kilda Road  MELBOURNE VIC 3004  Tel: 03 9699 0100 

A copy of the credit reporting policy for the CRB’s listed above will be available on  their website or will be provided in hard copy upon request.  


7. Disclosure overseas  

From time to time we may send your information overseas, including to overseas  Group members and to service providers or other third parties who operate or hold  data outside Australia. Where we do this, we ensure that appropriate data handling  and security arrangements are in place. Please note that Australian law may not apply  to some of these entities.  


8. Information Security and Storage  

Customer information is stored in databases shared by the MMPL group (and its  related bodies corporate) situated within Australia and equivalent jurisdictions. MMPL  may also disclose your personal information to companies that are part of the MMPL  corporate family which may be located overseas (in which case your personal  information will remain confidential and the purpose for which the information is  collected and used will not change).  

We use secure servers in order to store your personal information and ensure proper  data storage. We take all reasonable measures to protect personal information that we  hold from misuse, loss, unauthorised access, modification or disclosure.  

If you provide paper-based documentation, we may retain the paper documents in  addition to saving copies in an electronic format.  

In addition to sharing your information with the MMPL corporate family, we may store  your data using overseas cloud storage products as well as other overseas information  technology products and services, where we reasonably believe that the overseas  recipient is subject to laws that protect the information in a substantially similar way to  the APP’s. We will take reasonable steps to ensure that the overseas recipient does  not breach the APP’s in relation to the information. We will only transfer personal  information outside Australia to a third-party recipient, if the recipient of the information  agrees (or is compelled) to comply with privacy policies that are in accordance with (or  are more stringent than) the APP’s. 


9. Credit checks and credit reporting  

Where you apply to us for credit or propose to be a guarantor, one of our checks  involves obtaining a credit report about you.  

You consent to us obtaining and making disclosure of Information (as that term is  defined in the Act) about you from and to a CRB and/or another credit provider for a  commercial credit related purpose and/or a credit guarantee purpose and/or a  consumer credit purpose and/or another related purpose. We hereby notify you we  may use and/or disclose credit eligibility information under section 21G of the Act.  

Credit reports  

A credit report contains information about your credit history which helps credit  providers assess your credit applications, verify your identity and manage accounts  you hold with them. Credit reporting bodies collect and exchange this information with  credit providers like us and other service providers such as phone companies.  

The Privacy Act limits the information that credit providers can disclose about you to  credit reporting bodies, as well as the ways in which credit providers can use credit  reports.  

Information exchanged with credit reporting bodies  

The information we can exchange includes your identification details, what type of  credit has been extended to you, the amount of credit extended to you, whether or not  you have met your credit obligations and if you have committed a serious credit  infringement (such as fraud). We also ask the CRB to provide us with an overall  assessment score of your creditworthiness.  

Use and storage of credit-related information  

We use information from credit reporting bodies to confirm your identity, assess  applications for credit, manage our relationship with you and collect overdue  payments. We may also use this information as part of arriving at our own internal  assessment of your creditworthiness.  

We store credit-related information with your other personal information. You can  access credit-related information we hold about you, request us to correct the  information and make a complaint to us about your credit-related information.  

Credit providers may ask credit reporting bodies to use their credit-related information  to pre-screen you for direct marketing. You can ask a CRB not to do this. Also, if you’ve  been, or have reason to believe that you’re likely to become, a victim of fraud (including  identity fraud), you can ask the CRB not to use or disclose the credit-related  information it holds about you.  


10. Procedures for accessing, updating and correcting your  information  

You can contact us to access, correct or update your personal information.  

We will investigate and deal with your correction request or complaint in a fair, efficient  and timely manner. We will normally respond within 30 days. 

You can make a request for access by contacting your local Service Centre, or   alternatively, by sending an email or letter addressed to our Privacy Officer,   details specified below.  

 The Privacy Officer  

 Metal Manufactures Pty Limited  

 Phone: +61 2 8839 9000  

 Email: reportincident@mml.com.au  

 With any request that is made we will need to authenticate your identity to ensure the   correct person is requesting the information.  

 We will not charge you for making the request, however if reasonable we may charge   you with the costs associated with your request.  

You will only be granted access to your personal information where we are permitted  or required by law to grant access. We are unable to provide you with access that is  unlawful.  

MMPL may deny access to information in certain circumstances as permitted by  law. For example, there are exemptions as specified in the APP’s where access may  be denied. If this is the case, we will provide you with the reason for our decision.  

Should we hold personal information and it is inaccurate, out of date, incomplete,   irrelevant or misleading, or incorrect you have the right to make us aware of this   fact and request that it be corrected.  

 If you would like to make a request to correct your information please contact your   local Service Centre or our Privacy Officer on the details above.  

 In assessing your request, we need to be satisfied that the information is inaccurate,   out of date, incomplete, irrelevant or misleading. We will then take all reasonable   steps to ensure that it is accurate, up to date, complete and not misleading.  

 We will normally resolve any correction requests within 30 days. If we require   further time we will notify you in writing and seek your consent.  


11. Complaints  

 In the event that you wish to make a complaint about a failure of us to comply with   our obligations in relation to the Act or the APP’s please raise this with our Privacy   Officer on the contact details below:  

The Privacy Officer  

 Metal Manufactures Pty Limited  

 Phone: +61 2 8839 9000  

 Email: reportincident@mml.com.au

 In dealing with your complaint we may need to consult another credit provider or third   party.  

 If you are not satisfied with the process of making a complaint to our Privacy Officer   you may make a complaint to the Information Commissioner. Details of which are 

below. We suggest you do this only after you have first followed our internal   complaint processes.  

 Office of the Australian Information Commissioner  

 GPO Box 5218 Sydney NSW 2001  

 Email: enquiries@oaic.gov.au 

 Telephone: 1300 363 992  

 Facsimile: +61 2 9284 9666  

 The Information Commissioner can decline to investigate a complaint on a number of   grounds, including where the complaint wasn’t made at first to us.  


12. Notification of Changes  

If we decide to change our privacy policy, we will post a copy on our website.  


13. Further information about privacy rights and credit reporting  rules  

For further information about the APP’s, the Act, or the credit reporting rules please  visit the Office of the Australian Information Commissioner website at www.oaic.gov.au.  

This document does not create any additional rights under contract, statute or equity  law.