We are bound by the National Privacy Principles ("Principles") of the Privacy Act, 1988 (Cth) and are committed to protecting personal information we may hold at any time in respect of any individual, in accordance with the requirements of those Principles. "Personal information" for the purposes of this Privacy Policy is information about and which identifies individuals. It includes information obtained from an individual or a third party and, for individual credit applicants and guarantors, includes anything about credit worthiness, standing, history and capacity which, under and in accordance with the Privacy Act may lawfully be exchanged. In general, we will not use or disclose personal information collected about you otherwise than for a purpose set out in this Privacy Policy, for a purpose you would reasonably expect, a purpose required or permitted by law, or a purpose otherwise disclosed to, or authorised by, you.

We may, in connection with particular services we offer or provide to you, make other privacy disclosures to you or seek your authority to use your personal information in ways which are different from or more specific than those stated in this Privacy Policy. In the event of any inconsistency between the provisions of this Privacy Policy and those other disclosures, the other disclosures will prevail.

Personal Information Collected before 21 December 2001
The National Privacy Principles came into force on 21 December 2001 but some of the Principles have application to personal information collected prior to as well as after that date. This means that for personal information we hold, which was collected prior to 21 December 2001, we will, in accordance with those particular Principles:

• take reasonable steps to ensure that such information, if used, is accurate, complete and up-to-date;
• take reasonable steps to protect it from misuse, loss or unauthorised access, use or disclosure;
• provide you with access to the information if we still use it;
• not use any government identifier to identify you; and
• only transfer such information overseas with your consent or as authorised by the Principles. Except in so far as this Privacy Policy further addresses the particular Principles reflected in those five latters, the remainder of this document is concerned with personal information which is collected on or after 21 December 2001.

Collection of Personal Information
We will not ordinarily collect any information about you except where you provide it to us or it is provided to us with your authority.

The types of personal information we collect generally includes your name, address, telephone number, email address and shipping details.

In certain circumstances, we may also collect personal information about you which is sensitive. Sensitive information includes information about your health, religious or philosophical beliefs, membership of professional or trade associations or a criminal record. Unless the collection of sensitive information is required or permitted by or under law, we will obtain your consent to its collection. If the sensitive information relates directly to your ability to meet a financial obligation to us, you consent to our collection of it.
We will collect personal information directly from you when you open an account with us, complete an application form for one of our products or services, deal with us over the telephone or in person, send us a letter or visit our website. We may, for purposes of security, training, or information or transaction verification, listen to and/or record telephone calls to which you are a party with us.

On occasions, we may need to collect personal information about you from third parties, such as credit reporting agencies, our business alliance partners, your agents or third party brokers. If your consent to this collection is required by law, we will first obtain your consent prior to collecting the information.

We only collect personal information about you that is necessary for our functions and activities and, ordinarily, you will be told the purposes for which we collect that information when it is collected.

As a general rule the collection of your personal information will be necessary for us to provide a product or service to you or to maintain our relationship with you.

Additionally, the purposes for which we will generally collect and use your personal information will include:

• complying with legislative and regulatory requirements;
• considering any application you make to us;
• performing our administrative operations, including accounting, risk management, record keeping, archiving, systems development and testing, credit scoring and staff training;
• managing our rights and obligations in relation to external payment systems;
• conducting market or customer satisfaction research;
• developing, establishing and administering alliances and other arrangements (including rewards programs) with other organisations in relation to the promotion,
• administration and use of our respective products and services;
• developing and identifying products and services that may interest you; and
• (unless you ask us not to) telling you about products and services.

We also advise that each time our website is visited, we use cookies to record the date and time of access to the site and any information read or downloaded. The details recorded by the cookies are not information which identifies the user and therefore is not personal information. A cookie is a small text file placed on your computer hard drive by a web page server, which can then be accessed by our web servers. You may configure your web browser not to accept cookies, however this may mean that you are not able to make full use of our website.

Personal Information About Third Parties
If at any time you supply us with personal information about another person (for example, a referee or a person to whom you may wish a payment to be directed), you should ensure that you are authorised to do so and you must agree to inform that person who we are, that we will use and disclose their personal information and that they may gain access to their personal information should we hold it.

Use and Disclosure of Personal Information
We will not use or disclose information collected about you other than for a purpose made known to you, a purpose you would reasonably expect, a purpose required or permitted by or under any law or a purpose otherwise authorised by you.

You authorise us to disclose necessary information to related companies and to any agents or contractors who provide services to us in connection with the provision of products or services you have sought from us.

These parties are prohibited from using your personal information except for the specific purpose for which we supply it to them.

Subject to what is permitted by law, the types of third parties we may disclose your personal information to include, where relevant:

• credit reporting agencies;
• our agents, contractors and external advisers whom we engage from time to time to carry out, or advise on, our functions and activities;
• your agents and contractors, including your finance broker, builder and settlement agent and your legal or financial adviser;
• your executor, administrator, trustee, guardian or attorney;
• your referees;
• regulatory bodies, government agencies, law enforcement bodies and courts;
• any person or organisation who introduces you to us;
• other organisations with whom we have alliances or arrangements (including rewards programs) for the purpose of promoting our respective products and services (and
• any agents used by us and our business partners in administering such an arrangement or alliance);
• anyone supplying goods or services to you in connection with a rewards program associated with the facility;
• debt collecting agencies;
• other financial institutions;
• external payment systems operators;
• any mortgage insurer used by us and any reinsurer of any such mortgage insurer;
• your and our insurers or prospective insurers and their underwriters;
• any person to the extent necessary, in our view in order to carry out any instruction you give to the by us;
• (unless you tell us not to) other organisations (including our related bodies corporate) and their agents for the marketing of specific products and services.

In some cases, we may need to transfer your personal information overseas. If we believe that the overseas third party is not subject to privacy obligations equivalent to those which apply to us we will seek your consent to transfer the information, except where the National Privacy Principles do not require us to do so.

Your Access to your Personal Information
If at any time you wish to know what personal information we are holding about you, you are welcome to apply for your details by telephoning us.

Under certain circumstances, we may not be able to tell you what personal information we hold about you. This includes where:

• it would have an unreasonable impact on the privacy of other individuals;
• the information relates to legal proceedings with you;
• the information would reveal our commercially sensitive decision-making process; or
• we are prevented by law from disclosing the information, or providing access would prejudice certain investigations.

We will take reasonable steps to ensure that your personal information is accurate, complete and up-to-date. If at any time you believe that personal information that we hold about you is inaccurate, incomplete or out of date, please advise us by telephoning us

Security of your Personal Information
We maintain strict procedures and standards and take all reasonable care to prevent unauthorised access to, and modification and disclosure of, your personal information. We will take all reasonable steps to protect your personal information from misuse and loss.

We also protect the security of your personal information when transmitted over the Internet. We use a Secure Socket Layer (SSL) to transfer personal information between you and our web servers with relation to online payment details, and GPG encryption when we transfer data to third parties. However no data transmission over the Internet can be guaranteed as fully secure and accordingly, we cannot guarantee or warrant the security of any information you send to us using our on-line forms or products. You submit information over the Internet at your own risk

If we no longer need your information, we will destroy or de-identify it.

Direct Marketing
We adhere to the Direct Marketing Code of Conduct produced by ADMA.

We will use your personal details, including your email address, to provide you with information, specific promotions and products that may be of interest to you. We also provide your details to other organisations (including our related companies) but only for specific marketing purposes.

If at any time you do not wish to receive further marketing information, you have the option to ask us not to send you any further information about products and services and not to disclose your information to other organisations for that purpose. You may do this by telephoning us.

Government Identifiers
We do not use your tax file number, Medicare number, pension number or any other government identifier as your account, policy or application number. We will only use and disclose these numbers for the purposes required by law.

Complaints about Breaches of Privacy
If you believe that the privacy of your personal information has been compromised or is not being adequately protected, you should contact us by telephoning us. We will make every effort to resolve your complaint internally.

If we do not resolve your complaint to your satisfaction, you may apply to the Federal Privacy Commissioner to have your complaint investigated. For more information about how you may lodge a complaint with the Federal Privacy Commissioner, please contact the Commissioner's hotline service on 1300 363 992.

Changes to this Privacy Policy
This statement sets out our current Privacy Policy. It replaces any of our other Privacy Policies or website Privacy Policy to date.

Please note that this Privacy Policy may change from time to time. Our current Privacy Policy is available from our website, www.blueduck.com.au or at or by telephoning us.

We encourage you to periodically review our Privacy Policy for any changes.

Our Internet Website
This Privacy Policy applies to any website operated by us under the domain name www.blueduck.com.au
("The Blue Duck Website").
When you use a link from the Blue Duck Website to the websites of third parties, those websites are not subject to our privacy standards. Those third parties are responsible for informing you of their own privacy policies.

If personal information about you is collected by third parties on any websites you have accessed through our website, we may also collect or have access to that information as part of our arrangement with those third parties.

Contacting Us
If you have any questions regarding this Privacy Policy or would like more information about the way we manage your personal information, contact us via our contact us form.