1300 760 930

Privacy policy

Our Privacy Commitment

When you trust Capify Australia PTY LIMITED (ABN 38 630 469 117) with your personal and credit-related information, we know you expect us to protect it and keep it safe.

This means that when we receive your personal and financial information we:

  • tell you how we may use it
  • keep it in a secure way
  • make sure it is kept accurate and up to date
  • restrict how we use it
  • restrict who we provide it to.

This policy explains the main ways we collect, handle, disclose and protect your personal information and how we comply with the Privacy act 1988 (Cth) as amended from time to time (“Privacy Act”) and Australian Privacy Principles. It also describes the types of information we may collect from you, including your:

  • personal information; and
  • your credit-related personal information and credit eligibility information (‘credit-related information’), including information about your applications for commercial credit and credit accounts with Capify and your credit reporting information that we derive from credit reporting bodies (‘CRBs’) and from other credit providers.

While the Privacy Act uses a variety of terms to refer to the information above, to make it easier to read this policy, we refer to it below collectively as “personal information”.


When you engage Capify to provide you with any products or services, apply or complete an application for commercial credit, communicate with Capify through email, by telephone, in writing, or use any of Capify’s other services, including the Capify website, you agree to the use and disclosure of your personal information in the manner described in this policy. Where applicable we may require you to confirm your express, explicit consent when collecting your personal information for the purposes of compliance with the Privacy Act and the regulations set out in the General Data Protection Regulation (EU) (‘GDPR’).

This policy is also relevant and applies to other individuals we deal with in connection with commercial credit we provide, such as guarantors and directors.

When this document refers to “we” or “us” we mean Capify.

How to contact us

You can contact us about this policy or our products and services by:

  • calling: 1300 760 930
  • e-mailing: [email protected] by mail to Level 7, 32 Phillip St Parramatta, NSW, 2150

If practical, you can contact us without identifying yourself. However, if you don’t identify yourself, we may not be able to give you the information and services you would otherwise expect to receive.

  • What sorts of personal information do we ask for?
  • We will only ask for information relevant to our business relationship with you.
  • We collect personal information such as:
  • information that identifies you, like: your name, address, date of birth, telephone number, occupation, and drivers license number;
  • your debit or credit account details;
  • your financial position, like: income, expenses, and liabilities information;
  • information we collect from you when providing our products and services to you;
  • emails, user ID’s and passwords;
  • records of communications with Capify;
  • personal website usage information;
  • your opinion about our products, services or staff. when we conduct market research.

Where you have applied for commercial credit or have agreed to be a guarantor under an application for commercial credit, we may also collect credit-related information, such as:

  • credit application information – such as the type of credit you have applied for (consumer or commercial credit) details of the credit provider, the amount and the terms;
  • repayment history – such as payments owed to us or another credit provider, in connection with credit provided to you or in relation to which you are a guarantor that is due by 60 days;
  • default information – such as information about a payment that is owed to by you as a borrower or guarantor and that remains overdue for more than 60 days;
    payment information – that an overdue payment has been paid on a certain date
    new arrangements – whether you have entered into new arrangements with us or other credit providers in connection with credit provided to you;
  • court proceedings information, personal insolvency information and credit-related publicly available information ;
  • scores, ratings, summaries, evaluations and other information relating to an individual’s creditworthiness which is derived by Capify or its agents or by CRBs wholly or partly on the basis of the information above; certain administrative information relating to credit, such as account and customer numbers;
  • whether in our or another credit provider’s opinion you have committed a serious credit infringement.

The Privacy Act places restrictions on collecting sensitive personal information about you (this includes information about your religious views, ethnicity, political opinions, criminal records, personal health information or sexual preferences). Generally, we won’t collect this sort of information unless it is specifically relevant and necessary for the purpose of Capify’s business functions and operations and your consent is first obtained.

We may at our sole discretion utilise one or more validation based services to undertake identity checks/validation on any of the information or documentation provided to us. Such checks may use official identifies to identify individuals. We undertake such checks to combat identity fraud and financial crime.

The purpose of collecting personal information?

Personal information is collected so that we are able to reasonably perform our business operations and functions and provide you with quality customer service. We will collect, use, hold and discourse your personal information for the following purposes:

  • Capify’s general business activities and functions, including providing you without products and services;
  • assessing and processing an application for commercial credit or to accept an individual as a guarantor;
  • for administrative purposes in relation to the ongoing management of your commercial credit arrangement;
  • communicating with you, including responding to your inquiries about our products and services and applications and accounts;
  • participating in the credit reporting system and providing information to CRBs as permitted by Part IIIA of the Privacy Act;
  • meeting our legal and regulatory requirements, and enforcing our rights;
    conducting, improving and developing a business relationship with you;
    dealing with complaints;
  • marketing (such as providing individuals with information about our products and promotional notices and offers); and
  • improving our website.

How do we collect personal information?

If it is reasonable and practical to do so, we collect personal information directly from you. We may do this through application forms, over the telephone, email, fax, the internet, or in person.

Where the Privacy Act permits, we may also collect personal information from other people or organisations. Sometimes this may happen without your direct involvement. Some examples of the people or organisations from which we may collect personal information about you are:

  • other credit providers
  • publicly available sources of information (such as telephone directories)
    your authorised representative (such as a legal adviser)
  • third-party brokers (such as insurance brokers and mortgage brokers)
    credit reporting bodies (CRBs), such as Veda or Dunn and Bradstreet;
  • government agencies (such as the Land Titles Office).

So that we can better tailor information and products to your needs, when we send to you email messages, we may use technology to identify you so that we can know when you have opened the email or clicked on a particular link in the email.

When you ring us, we may also monitor and/or record telephone calls for the purposes of staff training and to verify statements made during the phone call.

Capify takes reasonable steps to ensure that you are aware of:

  • the likely use of your personal information; the right of access to your personal information;
  • the identity and contact details of the Capify employee/representative collecting the information;
  • any law requiring the collection of the information; and
  • the main consequences of failure to provide the information.
    Disclosure of your personal information

Capify may disclose your personal information:

  • for the primary purposes for which it was collected, such as those described above;
  • where you would reasonably expect us to do so;
  • to other credit providers (where we have your express written permission from you to do so and where the other credit provider has an “Australian link” as that term is used in the Privacy Law);
  • where you have consented;
  • if:
    • we have provided credit to you, or you have applied for credit; and
    • the disclosure is for the purpose of the recipient considering whether:
      • to offer to act as a guarantor in relation to the credit we have or may provide to you; or
      • to offer property as security for the credit we have or may provide to you;
    • you have an “Australian link” as that term is used in the Privacy Law; and
    • we have your express permission to do so;
  • if:
    • the disclosure is to a person who:
      • is a guarantor in relation to credit we have or may provide to you; or
      • has provided property as security for such credit; and
    • the person has an “Australian link” as that term is used in the Privacy Law; and
    • either:
      • you expressly consent to the disclosure of the information to the person; or
      • in relation to a guarantor, the information is disclosed for the purpose of enforcement or proposed enforcement, of a guarantee.
    • to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend its legal rights;
    • for direct marketing by Capify, but giving you the opportunity to opt-out of such direct marketing; Capify includes its contact details in any direct marketing.

We may also share your personal information with other companies within the Capify Group.

Where the Privacy Act permits us, we may from time to time disclose your personal information to organisations outside the Capify Group. Generally, these are organisations that help us with our business functions and operations. These organisations may include:

  • authorised representatives of the Capify Group who sell products or provide services on our behalf;
  • insurers and re-insurers;
  • payment systems operators (for example, merchants receiving credit card payments);
  • other financial institutions;
  • organisations involved in what is called securitisation arrangements, under which we sell, for instance, a pool of customers’ loans. These organisations include trustees of those arrangements, investors and their advisers;
  • debt collecting agencies;
  • our accountants, auditors or lawyers;
  • your representative (for example lawyer, mortgage broker, financial adviser, executor, administrator, trustee or attorney).

We strive to limit the information we give these organisations to what they need to perform their services for us or to provide products or services to you. Where it is required by the Privacy Act we will seek your consent before disclosing to these organisations, otherwise, we will only disclose your personal information to these organisations where is it reasonable in the circumstances to do so.

Where the Privacy Act permits us to do so, we may also disclose your personal information to CRBs such as Veda or Dunn & Bradstreet, if you apply for commercial credit or request to increase in your commercial credit limit with Capify.

Where Capify collects personal information that we are likely to disclose to a CRBs, please note:

  • the CRBs may include that information in reports provided to Capify to assist it to assess your creditworthiness;
  • if you fail to meet payment obligations in relation to commercial credit or commits a serious credit infringement, Capify may be entitled to disclose this to the CRB;
  • if you are an individual you may access information from Capify in accordance with this privacy policy and may access this information for the purpose of requesting Capify to correct the information or make a complaint to Capify.

If Capify discloses your personal information to CRBs, we will provide you written notice prior to that disclosure as required by law well as the details of the CRBs.

Capify does not disclose your personal information for any secondary purposes unless your consent has been given or as required by law.

Capify will not sell or license any personal information that it collects from you.

Credit Reference Bureaus and your Credit Report

When CRBs receive a search from us they will place a Directors credit search on your credit file that may be seen by other lenders and depending on the CRB could be classified as a hard search and will impact an individual’s personal credit score.

Banking Data

In providing this service to you we use a third-party service provider, Proviso. To provide this service Proviso uses your Banking Credentials solely for the purpose of retrieving banking data and returning it to us. By using this service you agree to the terms and conditions of the Proviso service (https://proviso.com.au/terms/) and privacy policy (https://proviso.com.au/privacy/). If you do not agree, you should not use this service.

Cross-border disclosure

Your personal information may also be processed by, or disclosed to employees, representatives, or other third parties operating outside of Australia who works for or is engaged by Capify in other countries, including the United States of America, United Kingdom of Great Britain and Northern Ireland, Canada, Ukraine and the Federal Republic of Germany.

For example, Capify may use a server hosted overseas to store data, which may include your personal information or we may enter into contracts with organisations overseas who provide services to us or who provide products or services jointly with us.

These contracts require the organisation to:

  • meet the privacy standards we set for ourselves in protecting your personal information and comply with the Privacy Act; and
  • use the personal information only for the specific service we ask them to perform or the product/service that we ask them to provide, and for no other purpose.

Capify will take reasonable steps, in the circumstances, before your personal information is disclosed to an overseas recipient, to ensure that the overseas recipient does not breach privacy laws in relation to your personal information (‘the reasonable steps’).

The reasonable steps may not apply if you consent to the disclosure of your personal information to an overseas recipient and we reasonably believe that the overseas receipt is subject to laws that are suitability similar to privacy laws in Australia.

If you consent to the disclosure of your personal information to an overseas recipient, the overseas recipient may not be accountable under the Privacy Act, and you will not be able to seek redress for breaches under the Privacy Act.

GDRP Applicability

Data Subject Rights

Where applicable under the GDPR, and in addition to the rights set out above, you have the following rights regarding your personal information stored with us:

  • the right to object to your personal information being processed;
  • the right to data portability of your personal information;
  • the right to complain or query how we process your personal information;
  • the right to object to automated decision-making using your personal information; and;
  • the right to have your personal information forgotten by us.

Data Controller and Data Processor 

You acknowledge that when using our website, you will be deemed to be the data controller in relation to any personal information that you collect and store and will be responsible for how such personal information is collected.  You must ensure that you obtain consent and provide notice to any persons as required under the relevant privacy legislation in relation to the collection, storages and use of their personal information.

When you use our website, we act as a data processor only in relation to personal information and data entered, collected and stored by you. We will only access your data in accordance with written instructions given by you, or unless required to do so by the Privacy Act or GDPR.

Do we use personal information to market products and services to you?

We may use your personal information to offer you products and services we believe may interest you, but we will not do so if you tell us not to.

We will exchange your personal information between companies within the Capify Group so they can also market their products and services to you.

The Capify Group will only offer you products or services where we reasonably believe that they could be of interest or benefit to you.

If you don’t want to receive marketing offers from Capify about Capify branded products and services, please let us know by calling 1300 760 930, or by writing to Capify at Level 7, 32 Phillip St, Parramatta, NSW, 2150.

Capify will act promptly on your request and will also ensure any electronic marketing material sent (e.g. by e-mail, SMS, MMS or IM) includes an easy method that enables you to tell us you do not want to receive future electronic marketing material.

Can you access your personal information?

Capify acknowledges that you have a general right of access to the information we hold concerning you, and to have any corrections to be made. You can request access to your personal information by contacting us by telephone on 1300 760 930. As permitted by the Australian Privacy Principals, we may not always be able to give you access to all the personal information we have about you. For instance, we may not be able to give you access to information that:

  • would unreasonably impact the privacy of another person;
  • would reveal a commercially sensitive decision-making process;
  • we are prevented by law from providing to you relates to existing or anticipated legal proceedings.

Do we keep your personal information accurate and up-to-date?

We maintain the quality of your personal information by taking reasonable steps to make sure that the information collected, used and disclosed is accurate, complete and up-to-date. We encourage you to help us by telling us immediately if you change your contact details (such as your phone number or address). You can contact us to change your details by telephoning 1300 760 930 or alternatively, via email to [email protected]

Capify will correct information it has about you if it discovers, or you are able to show to a reasonable standard, the information is incorrect. If you seek correction and Capify disagrees that the information is incorrect, Capify will provide you with its reasons for taking that view.

Is your personal information secure?

We will use up-to-date techniques and processes, which meet current industry standards, to protect your personal information from misuse, loss and unauthorised access, modification or disclosure.

The only people who are allowed to handle or have access to your personal information are those employees of the Capify Group and those who perform services for us who need your personal information to do their jobs. All employees of the Capify Group are bound both by the Capify Code of Conduct and by confidentiality clauses in their employment agreements to not misuse your personal information. Those who perform services on our behalf are also bound by privacy and confidentiality agreements.

Paper documents are protected from unauthorised access or use through the various security systems that we have over our physical premises. We also maintain up-to-date computer and network security systems with appropriate firewalls, encryption technology and passwords to protect electronic copies of personal information.

If we no longer require your personal information, we will take reasonable steps to destroy it in a secure manner or remove identifying features from it. This is subject to any legal obligations we have to keep information for a certain period of time.

What do we do if there is a data breach?

In the event of a data breach, such as the unauthorised loss, use or disclosure of personal information, we will assess and respond in line with our applicable policies and procedures, which incorporate the requirements contained in the Privacy Act. Pursuant to our obligations under the Privacy Act, we will notify you where your personal information is involved in an eligible data breach that is likely to result in serious harm. Such notification will also include making recommendations about the steps you should take in response to the breach. Where required by law, the Australian Privacy and Information Commissioner will also be notified of the eligible data breach.

Dealing with unsolicited information

Capify takes all reasonable steps to ensure that all unsolicited information is destroyed or de-identified immediately.

Using our Website

As with most websites, when you visit the Capify website or use an application on the Capify website, Capify may record anonymous information such as IP address, time, date, referring URL, pages accessed and documents downloaded type of browser and operating system.

Capify also uses “cookies”. A cookie is a small file that stays on your computer until, depending on whether it is a sessional or persistent cookie, you turn your computer off or it expires. Cookies may collect and store your personal information. You may adjust your Internet browser to disable cookies. If cookies are disabled you may still use the Capify website, but the website may be limited in the use of some of the features.

The Capify website may contain links to or from other websites. Capify is not responsible for the privacy practices of other websites. This privacy policy applies only to the information we collect on the Capify website. We encourage you to read the privacy policies of other websites you link to from Capify’s website.

What if we don’t keep our promises?

Although we are committed to keeping the promises set out in this document, we sometimes make mistakes. Fixing these mistakes and ensuring we deliver on our promises is very important to us.

We’ve put in place a way of dealing with issues you might raise quickly and fairly. Please talk to us first.

If you have reason to believe that we have not complied with our obligations relating to your personal information or your credit-related information under the Privacy Act, please refer any complaints or queries to our Privacy Officer (details below).

We will ensure your complaint is handled by our Privacy Officer in an appropriate and reasonable manner. Where necessary we may consult with a credit reporting body or another credit provider in order to deal with your complaint.

We aim to resolve your complaints at your first point of contact with us. This is our ‘Ask Once’ promise. So please raise your complaints with anyone handling your business. You can contact us anywhere in Australia, by contacting our Privacy Officer. If our Privacy Officer is unable to resolve your complaint, please contact our Internal Dispute Resolution Manager:

Telephone: 1300 760 930

Email: [email protected]

Mail: Level 7, 32 Phillip St, Parramatta NSW 2150.

We aim to resolve all privacy complaints and disputes within 30 days of receiving your complaint.

If you’re not satisfied with the outcome, then you may contact the Office of the Australian Privacy Commissioner:

Office of the Australian Information Commissioner

Website: www.oaic.gov.au

Phone: 1300 363 992

How to contact Capify regarding privacy matters

Please contact us as set out below if you wish to find out what personal information Capify holds about you, to ask us to update the information or make corrections to it (if necessary) and if you have any concerns or complaints about our use of personal information or other privacy issues.

Please feel free to contact our Privacy Officer.

Telephone: 1300 760 930

Email: [email protected]

Mail: Level 7, 32 Phillip St, Parramatta NSW 2150.

How this policy changes

This policy may change or be updated from time to time. A current version of this policy will be published on Capify’s website or may be obtained free of charge upon request.

Use of Secure Firewalls and Cookies

Capify uses secure firewalls to prevent unauthorized access to our internal systems. We have Internet firewalls designed to securely separate the Internet from our internal computer systems and databases. Data coming from customer computers via the Internet flows through a series of safety checkpoints on its way to our internal systems so that only authorized messages and transactions enter our computer systems.

We use cookies as an additional security feature for customers. A “cookie” is a small text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. There are two common types of cookies that we use, “session cookies” and “persistent cookies”.

Session cookies store information only for the length of time that you are connected to a website – they are not written onto your hard drive. Once you leave the website, the originator of the cookie no longer has the information that was contained on it. For example, when you log in to Capify and are authenticated through your login id and password, a cookie will store the identification number of your browser. Throughout your session, the session cookie acts as a type of digital signature to identify your current session to the Web Server.

The information stored in “persistent cookies” is written onto your hard drive and remains there until the expiry date of the cookie. Capify uses persistent cookies to store non-sensitive information that you are aware of and have agreed to. For example, if you choose the option on our login screen to remember your ID, the system will remember and automatically input your log-in id each time you use the service to improve the ease of use of this site.

This Website may offer links to sites of partner companies or third party sites. While we make every effort to monitor the quality of content provided on the Website, these external sites are not subject to this Privacy Policy and we have no control over the content of these sites. Please carefully review the policies on these sites before providing them with any personal information.

Cookies and Data Policy

In Capify (“we“) collect and use data related to your online activity using cookies and other related technologies. This policy provides information about how and why we do this, and how you can choose to remain anonymous.

What is a cookie?

A cookie is a small piece of data that a website saves on the browser of your computer or mobile device. The cookie allows the website to “remember” your actions or preferences over time.

Most Internet browsers support cookies; however, users can set their browsers to decline certain types of cookies or specific cookies. Further, users can delete cookies at any time.

Why do we use cookies?

We use cookies to learn how you interact with our content and to improve your experience when visiting our website(s). For example, some cookies remember your language or preferences so that you do not have to repeatedly make these choices when you visit one of our websites. Cookies allow us to serve you specific content, such as special offers or promotions we are currently running. We may employ the learnings of your behaviour on our website(s) to serve you with targeted advertisements on third-party website(s) in an effort to “re-market” our products and services to you.

Cookies and related technologies are useful in many ways:

  • provide us with information on how our site is being used,
  • help us to tailor marketing message to your interests, both on and off our sites,
  • let you navigate between pages more quickly and securely,
  • help detect and defend against fraud,
  • recognise you when you return to websites and remember your preferences,
  • assist us with product and service research, development and business strategy, and
  • Generally, improve your browsing experience.

What types of cookies do we use?

There are different types of cookies:

First-Party and Third-Party Cookies

First-party cookies are cookies issued from the capify.com.au domain that are generally used to identify language and location preferences or render basic site functionality.

Third-party cookies belong to and are managed by other parties, such as Capify business partners or service providers. These cookies may be required to render certain forms, such as the submission of an enquiry for a loan, or to allow for advertising outside of the Capify website.

Session Cookies

Session cookies are temporary cookies that are used to remember you during the course of your visit to the website, and they expire when you close the web browser.

Persistent Cookies

Persistent cookies are used to remember your preferences within the website and remain on your desktop or mobile device even after you close your browser or restart your computer. We use these cookies to analyse user behaviour to establish visit patterns so that we can improve our website functionality for you and others who visit our website(s). These cookies also allow us to serve you with targeted advertising and measure the effectiveness of our site functionality and advertising.

How are cookies used for advertising purposes?

Cookies and ad technology such as web beacons, pixels, and anonymous ad network tags help us serve relevant ads to you more effectively. They also help us collect aggregated audit data, research, and performance reporting for advertisers. Pixels enable us to understand and improve the delivery of ads to you and know when certain ads have been shown to you. Since your web browser may request advertisements and web beacons directly from ad network servers, these networks can view, edit, or set their own cookies, just as if you had requested a web page from their site.

We do not provide any personal information that we collect to advertisers. You can opt-out from off-site and third-party-informed advertising by adjusting your cookie settings. Opting out will not remove advertising from the pages you visit, but, instead, opting out will result in the ads you see not being matched to your interests. This implies that the ad(s) you see will not be matched to your interests by those specific cookies.

How are third party cookies used?

For some of the functions within our websites, we use third party suppliers, for example, when you visit a page with videos embedded from or links to YouTube. These videos or links (and any other content from third party suppliers) may contain third party cookies, and we encourage you to consult the privacy policies of these third party vendors on their websites for information regarding their use of cookies.

How do I reject and delete cookies?

You can choose to reject or block all or specific types of cookies set by virtue of your visit Capify website by clicking on the cookie preferences on our website(s). You can change your preferences for Capify websites and/or the websites of any third party suppliers by changing your browser settings. Please note that most browsers automatically accept cookies. Therefore, if you do not wish cookies to be used, you may need to actively delete or block these cookies. By using our website without deleting or rejecting some or all cookies, you agree that we can place those cookies that you have not deleted or rejected on your device.

What if I don’t want to be tracked online?

By changing your browser settings, you can control how cookies are used on your computer or device. Usually, you can do this by opening the menu in the browser, and choose settings, options or privacy (it depends on which browser you’re using). From there, you can tailor how your device stores cookies. Options may include deleting all or some cookies, not accepting any cookies or being notified when cookies are being used. For example, if you are using Google Chrome browser, you can choose to browse “incognito” which will only allow session-based cookies.

You can delete existing cookies on your device and block new cookies if you don’t want your online activity to be tracked and remembered.

Changes to this Privacy Statement:

Capify has the discretion to occasionally update this privacy statement. When we do, we will also revise the “updated” date at the top of this privacy statement. We encourage you to periodically review this privacy statement to stay informed about how we are helping to protect the personal information we collect. Your continued use of the service constitutes your agreement to this privacy statement and any updates.

**Last updated 9th January 2024.




Copyright © 2022 Capify Australia PTY LIMITED (ABN 38 630 469 117) trading as Capify. All Rights Reserved.