The CCSG group of companies (CCSG, we, us, our) recognise the importance of protecting the privacy and the rights of individuals in relation to their personal information.
We respect an individual’s rights to privacy under the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles, and we manage the collection and disclosure of personal information in accordance with these requirements. We also uphold rights to privacy where an individual is based in the European Union, in accordance with the General Data Protection Regulation (EU) (GDPR).
If an individual does not wish to provide personal information to us, then they do not have to do so. However, this may affect the use of our website or any services offered on it.
This document applies to the CCSG group of companies including BBRC Investments Pty Ltd (ACN 154 219 315), Credit Collection Services Group Pty Ltd (ACN 116 256 967), CCSG Hardship Management Pty Ltd (ACN 639 916 304), CCSG Legal Pty Ltd (ACN 122 709 175) and Taylor Investigations (ABN 62 116 256 967). This includes all permanent temporary and casual employees, agency staff and contractors, consultants and suppliers working for us or on our behalf.
1. What is personal information?
1.2 In general terms, it is any information that can be used to personally identify an individual. This may include name, address, telephone number, email address and profession or occupation.
1.3 If the information we collect personally identifies an individual, or they are reasonably identifiable from it, the information will be considered personal information.
1.4 We may also collect some information that is not personal information because it does not identify an individual or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.
2. Information we may collect
2.1 We may collect the following personal information
b. date of birth;
c. billing, mailing and/or residential address;
d. the length of time at current address;
e. email address, telephone number and other contact details;
f. banking, credit card, or other online payment details;
g. ﬁnancial status;
h. salary or wage details;
i. employment details;
g. business management information;
k. proof of earning and expenses;
l. loan details;
m. credit information;
n. any finance outstanding, repayment history in respect of those loans and any defaults;
o. information to comply with the Financial Transactions Reports Act 1988 (Cth);
p. information obtained from government databases and credit reporting agencies;
q. the ages and number of dependents and cohabitants;
r. business management information;
s. information relating to circumstances and affairs relevant to the matter/s in which we are instructed;
t. information about legal interests and requirements and potential legal services;
u. information regarding our communications and attendance at seminars and promotional events held by us;
v. for employees or prospective employees, information about qualifications, skills and work experience;
w. for suppliers or prospective suppliers, information about business skills, services, products and prices;
x. information and data related to statistical information regarding access, views, and use of our website and promotional emails;
y. website and social media information; and
z. Australian Business Numbers (ABN) and Australian Company Numbers (ACN).
3. Why we collect personal information
3.1 We collect personal information so that we can perform our business activities and functions and to provide best possible quality of customer service. We collect, hold, use and disclose personal information for the following purposes:
a. to provide our services;
b. to carry out the instructions of our clients;
c. subject to our confidentiality obligations, when using services in support of our legal practice;
d. to employ competent and diligent personnel;
e. to buy and recover defaulted, cancelled and/or terminated credit facilities from banks and other credit creditors;
f. to act as an agent for our clients and customers to recover defaulted, cancelled and/or terminated credit facilities;
g. to provide accounts receivable management services for our clients;
h. to monitor, develop, improve and market our products and services;
i. to conduct internal record keeping;
j. to let clients and potential clients about legal developments, our expertise and legal services that may be of interest;
k. to identify and understand user needs;
l. to send communications requested by individuals;
m. to answer enquiries and provide information or advice about existing and new services;
n. to conduct market research, business development and marketing activities (including direct marketing);
o. to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in cooperation with any governmental authority; and
p. for other related functions and activities.
4. How we collect personal information
4.1 We collect personal information directly from an individual unless it is unreasonable or impracticable to do so. When collecting personal information, we may collect in ways including:
a. when individuals access and use services and facilities available on our website;
b. when we purchase a defaulted, cancelled and/or terminated credit facility from creditors;
c. when we act on a creditor’s behalf as their agent;
d. when we are engaged by a creditors to manage or recover a debt;
e. when we collect information from credit reporting bodies or other information providers;
f. when an individual makes an enquiry about our services;
g. when an individual subscribes to our newsletter or legal updates service;
h. when an individual attends a seminar or event we are hosting or presenting;
i. when we receive instructions to act and we open a file and conduct a conflict check;
j. when our clients provide information relating to related and adverse parties relevant to the advice or services we are providing;
k. when we undertake a search or investigation;
l. when an individual applies for employment with us;
m. when an individual fills in any of our online forms, including when downloading free publications or making online bookings;
n. through access and use of our website, including when an individual registers as a member;
o. during conversations between an individual and our representatives;
p. when an individual asks to be placed on one of our subscription/mailing lists;
q. through government databases or credit reporting agencies;
r. when an individual becomes a client or customer of ours or otherwise use our services; and
s. when an individual visits any links shared via our social media, online posts, emails or other landing pages.
4.2 Where practicable we collect personal information about an individual directly from them. However, we may have collected information from a 3rd party such as a client, a 3rd party information provider, the courts or a person responding to our questions or inquiries.
4.3 We are required to collect the full name and address of our clients by the Solicitors Rules made under the Legal Profession Act, 2004 (NSW). Accurate name and address information must also be collected in order to comply with the trust account record keeping requirements in the Legal Profession Regulation, 2005 (NSW) and to comply with our duty to the courts.
4.4 We cannot act for clients who do not provide us with name and address information.
4.5 If a client does not provide us with accurate personal information, we may not be able to carry out our instructions or achieve the purpose for which the information has been sought.
5. What happens if we can’t collect personal information?
5.1 If an individual does not provide us with the personal information described above, some or all of the following may happen:
a. we may not be able to provide our products or services, either to the same standard or at all;
b. we may not be able to provide information about services that an individual may want, including information about special promotions;
c. we may be unable to tailor the content of our website to the individual’s preferences and their experience of our website may not be as enjoyable or useful; or
d. we may not be in a position to offer the individual employment (if applicable).
6. Our website user tracking experience
6.1 We may use tracking software to review and improve an individual’s experience of our website, surveys and landing pages. In particular, we may use Facebook, Pixels, ActiveCampaign, InfusionSoft, MailChimp, Survey Monkey, Hot Jar, Google Analytics, YouTube, Advertising products: Remarketing with Google Analytics and Google Analytics Demographics and Interest Reporting.
6.2 Google Analytics collects data about our website traffic via Google Advertising cookies and anonymous identifiers.
6.3 Data collected via these Google products is not linked with any personally identifiable information submitted while on our website. If an individual wishes to opt out of the Google Analytics data collection, they may do so on Google’s website at google.com/dlpage/gaoptout.
7. Our website cookies
7.1 When an individual accesses our website, we may send a “cookie” (which is a small summary file containing a unique ID number) to their computer. This enables us to recognise this computer and greet the individual each time they visit our website without bothering them with a request to register. It also enables us to keep track of the services which individual’s view so that, if they consent, we can send them news about those services.
7.3 We use this to research our users’ habits so that we can improve our online services. Our cookies do not collect personal information. If an individual does not wish to receive cookies, they can set their browser so that their computer does not accept them. We may log IP addresses (that is, the electronic addresses of computers connected to the Internet) to analyse trends, administer the website, track users’ movements, and gather broad demographic information.
7.4 The website may contain content and sharing tools embedded from various social networks, such as Facebook. These suppliers may use and place cookies on an individual’s device. We do not have access to, and cannot control, these cookies or the personal data and information that they may collect. Individuals therefore need to check the websites of these suppliers to get further information on how they manage cookies and what information their cookies collec
8. Our website security
8.1 As our website is linked to the Internet, and the Internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information an individual communicates to us online.
8.2 We also cannot guarantee that the information supplied will not be intercepted while being transmitted over the Internet. Accordingly, any personal information or other information which is transmitted to us online is transmitted at the individual’s own risk.
9. Our website links
9.1 We provide links to websites outside of our website, as well as to 3rd party websites. These linked sites are not under our control, and we cannot accept responsibility for the conduct of any companies, businesses, affiliates, advertisers and sponsors, linked to our website.
10. Who do we disclose personal information to?
10.1 We may disclose personal information to:
a. our directors, agents, contractors or service providers for the purposes of operating our website or our business, fulfilling requests by an individual, and to otherwise provide services including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and consultants;
b. our employees including permanent, temporary, casual or agency staff and contractors and consultants working for us or on our behalf;
c. suppliers and other 3rd parties with whom we have commercial relationships, for business, marketing, and related purposes, which may include overseas parties;
d. parties related to a matter, government authorities and service providers as reasonably required to carry out our client’s instructions;
e. our e-mail marketing provider for the purposes of providing our newsletter, invitations and legal updates;
f. credit reporting agencies and courts, tribunals, regulatory authorities where clients or customers fail to pay for goods or services provided by us to them, and other law enforcement officers as required by Law;
g. 3rd party service providers who assist us with archival, auditing, accounting, legal, business consulting, website or technology services;
h. where we are required to do so by law, such as under the Anti-Money or Laundering and Courter Terrorism Financing Act 2006 (Cth) or in accordance with a subpoena or summons issued by a court;
i. to our related entities, including but not limited to, BBRC Investments Pty Ltd (ACN 154 219 315), Credit Collection Services Group Pty Ltd (ACN 116 256 967), CCSG Hardship Management Pty Ltd (ACN 639 916 304), CCSG Legal Pty Ltd (ACN 122 709 175) and Taylor Investigations (ABN 62 116 256 967);
j. professional advisers such as solicitors, accountants; that have or may have an interest in a debt; government agencies such as those which administer land titles and revenue or (where applicable) foreign investments; credit reporting agencies and mercantile agents; external auditors;
k. anybody who represents an individual, such as lawyers and accountants, financial counsellors, financial advisors, community workers, guardians or carers;
l. anyone, where an individual has provided us consent;
m. investors, agents or advisers, or any entity that has an interest in our business;
n. an employer, referees or identity verification services; and
o. any other organisation for any authorised purpose with an individual’s express consent.
10.3 We also will disclose personal information if required by law to do so or in circumstances permitted by the Privacy Act – for example, where we have reasonable grounds to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been is being or may be engaged in, in response to a subpoena, discovery request or a court order.
10.4 If there is any change or potential change to the control of our business pursuant to the sale, assignment or transfer of the business, or business assets, its assets and/or liabilities, we reserve the right to sell, assign and/or transfer our user databases, together with any personal information and non-personal information contained in those databases to the extent permitted by law. In that event, personal information may be disclosed to a potential purchaser, assignee or transferee, however any disclosures will only be made in good faith and where confidentiality is maintained.
10.5 An individual agrees that we may give a credit reporting agency personal or commercial information about them. The information may include identity particulars; notice of assignment of the debt to us and status changes, such as, default listings and removal of default listings when debt repaid.
10.6 We may collect the following kinds of credit information and exchange this information with credit reporting bodies and other entities:
a. credit liability information being information about existing finance which includes the name of the credit provider, whether the credit provider holds an Australian Credit Licence, the type of finance, the day the finance is entered into, the terms and conditions of the finance, the maximum amount of finance available, and the day on which the finance was terminated;
b. repayment history information which is information about whether repayments are met on time;
c. default and payment information;
d. court proceedings information.
11. Notifiable matters
11.1 An individual has the right to request access to the credit information that we hold about them and make a request for us to correct that credit information if needed. Please see clause 16 below in relation to access and correction to personal and credit information.
11.2 Sometimes credit information will be used by credit reporting bodies for the purposes of ‘pre-screening’ credit offers on the request of other credit providers. Individuals can contact the credit reporting body at any time to request that their credit information is not used in this way.
11.3 An individual may contact the credit reporting body to advise them that they believe that they may have been a victim of fraud. For a period of 21 days after the credit reporting body receives this notification the credit reporting body must not use or disclose that credit information. Contact any of the following credit reporting bodies for more information:
b. illlion.com.au; or
12. Direct marketing materials
12.1 We may send direct marketing communications and information about our services that we consider may be of interest to individuals. These communications may be sent in various forms, including mail, SMS and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth).
12.2 If an individual indicates a preference for a method of communication, we will endeavour to use that method whenever practical to do so.
12.3 In addition, at any time an individual may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that their name is removed from our subscription/mailing list.
12.4 We do not provide personal information to other organisations for the purposes of direct marketing.
13. Security and data quality
13.1 We take reasonable steps to ensure personal information is protected from misuse and loss and from unauthorised access, modification or disclosure.
13.2 We strive to ensure the security, integrity and privacy of personal information that is submitted to us through our website. Unfortunately, no data transmission over the Internet can be guaranteed to be totally secure.
13.3 We endeavour to take all reasonable steps to protect the personal information transmitted to us or from our online products and services. Once we do receive a transmission, we will also make our best efforts to ensure its security on our systems.
13.4 In addition, our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us.
13.5 We may hold information in either electronic or hard copy form. Personal information is destroyed or de-identified when no longer needed or when we are no longer required by Law to retain it (whichever is the latter).
14. How long do we retain personal data?
14.1 We will only keep personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
14.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
14.3 By Law, we must keep basic information about our customers (including contact, identity, financial and transaction data) for five years for Australian tax law purposes. In some circumstances, individuals can ask us to delete their data; see legal rights below for further information.
14.4 In some circumstances we may anonymise personal data (so that it can no longer be associated with an individual) for research or statistical purposes in which case we may use this information indefinitely without further notice.
15. Legal rights under the GDPR for individuals based in the EU
15.1 If the General Data Protection Regulation applies to because an individual is in the European Union, they have rights under data protection laws in relation to their personal data:
a. The right to be informed – that’s an obligation on us to inform individuals how we use their personal data;
b. The right of access – that’s a right to make what’s known as a ‘data subject access request’ for copy of the personal data we hold about the individual;
c. The right to rectification – that’s a right to make us correct personal data that may be incomplete or inaccurate;
d. The right to erasure – that’s also known as the ‘right to be forgotten’ where in certain circumstances an individual can ask us to delete the personal data we have (unless there’s an overriding legal reason we need to keep it);
e. The right to restrict processing – that’s a right for certain circumstances to ask us to suspend processing personal data;
f. The right to data portability – that’s a right for ask us for a copy of an individual’s personal data in a common format (for example, a .csv file);
g. The right to object – that’s a right to object to us processing personal data (for example, if an individual objects to us processing their data for direct marketing); and
h. Rights in relation to automated decision making and profiling – that’s a right for us to be transparent about any profiling we do, or any automated decision making.
i. These rights are subject to certain rules around when they can be exercised.
j. If an individual wishes to exercise any of the rights set out above, please contact us at email@example.com or firstname.lastname@example.org .
16. How to access and correct personal information
16.1 An individual may request access to any personal information we hold about them at any time by contacting us (see the details below).
16.2 Where we hold information that an individual is entitled to access, we will try to provide them with suitable means of accessing it (for example, by mailing or emailing).
16.3 We may charge a reasonable fee to cover our administrative and other reasonable costs in providing the information.
16.4 We will not charge for simply making the request and will not charge for making any corrections to personal information.
16.5 There may be instances where we are permitted to refuse access under the Privacy Act and cannot grant access to the personal information we hold. For example, we may need to refuse access if granting access would result in a breach of confidentiality. If that happens, we will give written reasons for any refusal. Further examples of circumstances where we may refuse to give access to personal information include where:
a. giving access would be unlawful;
b. we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual or to public health or public safety;
c. giving access would have an unreasonable impact on the privacy of others;
d. the information could reveal the intentions of a party in negotiations;
e. giving access could prejudice the taking of appropriate action in relation to unlawful activity; and
f. giving access could reveal evaluative information in a commercially sensitive decision making process.
16.6 If an individual believes that personal information we hold about them is incorrect, incomplete or inaccurate, then they may request us to amend it. We will consider if the information requires correction. If we do not agree that there are grounds for correction, then we will add a note to the personal information stating that the individual disagrees with it.
18. Contacting us
18.2 We will treat requests or complaints confidentially.
18.3 Our representative will contact the person making the complaint within a reasonable time after receipt of the complaint to discuss concerns and outline options regarding how they may be resolved.
18.4 We will aim to ensure that complaints are resolved in a timely and appropriate manner.