Privacy Policy

1. Introduction

Astro Capital Finance Pty Ltd (ACN 684 191 777) and its related parties (within the meaning of the Corporations Act 2001 (Cth)) ("Astro Capital", "we", "us", or "our") are committed to protecting your privacy and handling your personal information in accordance with the Australian Privacy Principles ("APPs") set out in the Privacy Act 1988(Cth) ("Privacy Act"), including Part IIIA (credit reporting) and Part IIIC (notifiable data breaches).

This Privacy Policy explains how we collect, hold, use, disclose, and safeguard your personal information when you interact with us, including through our website at astrocapital.com.au, our loan application processes, and any other services we provide. It also describes the rights available to you in relation to your personal information.

By providing your personal information to us, you acknowledge that we will handle it in accordance with this policy. Where we are required by law to obtain your consent before collecting, using, or disclosing certain information, we will seek that consent at or before the time of collection.

2. Information We Collect

We may collect and hold the following types of personal information:

• Personal identification information — your full name, date of birth, residential address, email address, phone number, and copies of identification documents (such as driver's licence or passport)
• Financial information — details of your income, assets, liabilities, existing debts, credit history, bank statements, and taxation records
• Credit information — credit reports obtained from credit reporting bodies, credit scores, repayment history, defaults, and other credit-related information as defined in Part IIIA of the Privacy Act
• Property information — details of the property to be used as security, including valuations, title searches, and ownership records
• Employment information — your occupation, employer details, and employment history
• Business information — ABN, ACN, business financial statements, and director details where applicable
• Website usage data — IP address, browser type, device information, pages visited, referral sources, and other analytics data collected through cookies and similar technologies

Sensitive Information

We do not generally collect sensitive information (as defined in the Privacy Act) such as health information, racial or ethnic origin, political opinions, or criminal records. If we do need to collect sensitive information in connection with your loan application (for example, if you voluntarily disclose health information relevant to your financial circumstances), we will only do so with your express consent and only to the extent necessary for the purpose for which it is collected.

3. How We Collect Information

We collect personal information through a variety of means, including:

• Directly from you — when you submit a loan application, enquiry form, or contact us by phone, email, or through our website
• From your broker or adviser — if your mortgage broker or financial adviser submits an application or enquiry on your behalf
• From credit reporting bodies — including Equifax and Illion, for the purpose of assessing your creditworthiness in accordance with Part IIIA of the Privacy Act
• From other third parties — including property valuers, solicitors, conveyancers, accountants, and other service providers involved in your loan transaction
• From publicly available sources — such as ASIC registers, property title searches, and court records where relevant to assessing your application
• Through our website — via cookies, analytics tools, and form submissions (see Section 11 below)

Where it is reasonable and practicable to do so, we will collect personal information directly from you. If we collect personal information about you from a third party, we will take reasonable steps to ensure that you are made aware of the matters set out in this policy.

4. How We Use Your Information

We use the personal information we collect for the following purposes:

• To assess and process your loan application, including conducting credit checks and verifying your identity
• To manage your loan account, including administering repayments, discharges, and any variations to your loan
• To comply with our legal and regulatory obligations, including anti-money laundering and counter-terrorism financing laws, responsible lending obligations under the National Consumer Credit Protection Act 2009 (Cth), and reporting obligations to ASIC and AUSTRAC
• To communicate with you about your loan, our products, and services that may be relevant to you
• To improve our products, services, and website functionality
• To manage our business operations, including internal reporting and risk management
• To support decision-making through the use of automated systems, including artificial intelligence and machine learning tools, as described in Section 6 below
• To detect, investigate, and prevent fraud or other unlawful activity
• To resolve disputes or enforce our agreements

We will only use your personal information for the primary purpose for which it was collected, or for a directly related secondary purpose that you would reasonably expect, unless we have your consent or are otherwise required or authorised by law to use it for another purpose.

5. Disclosure of Information

We may disclose your personal information to the following types of organisations:

• Credit reporting bodies — for the purpose of obtaining credit reports, verifying your credit history, and reporting credit-related information in accordance with Part IIIA of the Privacy Act
• Solicitors and conveyancers — involved in the settlement and management of your loan
• Property valuers — engaged to assess the value of security properties
• Insurers — where insurance is required or related to your loan
• Regulatory and government bodies — including ASIC, AUSTRAC, and the Australian Taxation Office, where required or authorised by law
• Service providers — including IT providers, cloud hosting providers, document storage providers, and communication platforms that assist us in delivering our services
• Artificial intelligence and technology providers — where we use third-party AI systems or automated tools to assist with loan assessment, risk analysis, or other functions described in Section 6
• Your broker or adviser — where they are acting on your behalf in connection with your loan
• Debt recovery agents — in the event of default on your loan obligations
• Professional advisers — including auditors, legal advisers, and consultants engaged to provide services to us

We will not sell your personal information to third parties for marketing purposes.

Cross-Border Disclosure

Some of our service providers, including cloud hosting providers, IT infrastructure providers, and AI technology providers, may store or process personal information on servers located outside Australia. Countries in which personal information may be processed include the United States, the European Union, and other jurisdictions where our technology service providers maintain infrastructure.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the recipient does not breach the APPs in relation to that information, in accordance with APP 8. These steps include conducting due diligence on the recipient's privacy and security practices, entering into contractual arrangements that require the recipient to handle personal information in accordance with standards substantially similar to the APPs, and assessing the privacy laws of the recipient's jurisdiction.

6. Use of Automated Systems and Artificial Intelligence

In the course of assessing, managing, and administering loans, we may use automated systems, including artificial intelligence and machine learning models ("AI Systems"), to process personal information that we collect about you.

Kinds of personal information used by AI Systems: The personal information that may be processed by our AI Systems includes identification and contact information; financial information (including income, expenses, assets, and liabilities); credit history and credit reporting information; employment information; and information about the purpose and nature of your loan application.

Purposes and kinds of decisions: We may use AI Systems to assist with the assessment of loan applications (including creditworthiness and serviceability analysis), risk assessment and pricing, fraud detection and prevention, identity verification, monitoring of loan performance and management of arrears, and regulatory compliance (including anti-money laundering and responsible lending obligations).

Human involvement in decision-making: AI Systems are used to support and inform, but not to replace, human decision-making. Decisions that significantly affect your rights or interests — including whether to approve or decline a loan application, the terms on which credit is offered, and any enforcement action — are made or reviewed by appropriately qualified personnel. No such decision is made solely by the operation of a computer program without meaningful human involvement.

Data security for AI processing: We take reasonable steps to protect personal information processed by our AI Systems from misuse, interference, loss, and unauthorised access, modification, or disclosure. These steps include restricting access to AI Systems to authorised personnel, ensuring that personal information is handled in accordance with our information security policies and the Australian Privacy Principles, and conducting due diligence on any third-party AI service providers (including assessing their privacy and security practices). We do not disclose personal information to any third-party AI system except where necessary and in accordance with our obligations under the Privacy Act.

Your rights: If a decision that affects you has been informed by the output of an AI System, you may contact our Privacy Officer to request information about the role that automated processing played in that decision. We are committed to ensuring that the use of AI Systems does not undermine your privacy rights or the fairness of our decision-making processes.

7. Credit Reporting

As a credit provider, we may disclose certain credit-related personal information to credit reporting bodies in accordance with Part IIIA of the Privacy Act. This may include:

• Your identity particulars (name, date of birth, address)
• The fact that you have applied for credit and the amount
• The fact that we are a credit provider to you
• Loan repayment history information
• Default information and payment information in relation to any overdue payments
• That a serious credit infringement has been committed

The credit reporting bodies to which we may disclose this information include Equifax (www.equifax.com.au) and Illion (www.illion.com.au). These credit reporting bodies may include the information we provide in reports to other credit providers to assist them in assessing your creditworthiness.

You have the right to request credit reporting bodies not to use your credit reporting information for the purpose of pre-screening or direct marketing by a credit provider, and you may contact the credit reporting bodies directly to make such a request.

8. Direct Marketing

We may use your personal information to send you information about our products and services that we believe may be of interest to you. This may include communications by email, SMS, post, or telephone.

You may opt out of receiving direct marketing communications from us at any time by contacting our Privacy Officer using the details in Section 15, by using the unsubscribe facility in our electronic communications, or by notifying us that you wish to be removed from our marketing list. We will action your request within a reasonable timeframe.

We will not use or disclose your personal information for direct marketing purposes where you have requested not to receive such communications, or where we are otherwise prohibited from doing so by law.

9. Security of Personal Information

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These measures include:

• Secure storage of physical documents in locked facilities with restricted access
• Electronic data stored on secure, access-controlled systems with appropriate authentication
• Encryption of sensitive data in transit and at rest
• Regular staff training on privacy and data protection obligations
• Regular review and testing of our security practices, systems, and procedures
• Incident response procedures for suspected or actual data breaches
• Due diligence and contractual requirements imposed on third-party service providers who handle personal information on our behalf

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee the absolute security of your data.

10. Data Retention and Destruction

We will retain your personal information only for as long as it is needed for the purposes for which it was collected, or as required by applicable laws and regulations. For loan-related records, we are generally required to retain information for a minimum of seven years after the conclusion of the lending relationship in accordance with our obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), taxation laws, and other regulatory requirements.

When personal information is no longer needed for any purpose for which it may be used or disclosed under the APPs, and we are not required by law to retain it, we will take reasonable steps to destroy the information or ensure that it is de-identified in accordance with APP 11.2.

11. Cookies and Website Analytics

Our website uses cookies and similar tracking technologies to improve your browsing experience and to collect usage data. Cookies are small text files stored on your device that help us analyse website traffic, remember your preferences, and provide a more personalised experience.

We use the following types of cookies:

• Essential cookies — required for the website to function correctly, including session management and security
• Analytics cookies — used to collect anonymised information about how visitors use our website, including pages visited, time spent, and referral sources
• Functional cookies — used to remember your preferences and enhance your experience

You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

12. Notifiable Data Breaches

In the event of an eligible data breach (as defined in Part IIIC of the Privacy Act) that is likely to result in serious harm to any individual whose personal information is involved, we will comply with the Notifiable Data Breaches scheme. This means we will:

• Take reasonable steps to contain the breach and assess the risk of serious harm
• Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable
• Notify affected individuals as soon as practicable, including a description of the breach, the kinds of information involved, and recommendations about the steps individuals should take in response

13. Access and Correction

You have the right to request access to the personal information we hold about you (APP 12). You may also request that we correct any information that is inaccurate, out of date, incomplete, irrelevant, or misleading (APP 13).

To make an access or correction request, please contact our Privacy Officer using the contact details in Section 15. We will respond to your request within a reasonable timeframe, and in any case within 30 days as required by the APPs. We will not charge you for making an access request, although we may charge a reasonable fee for providing access in certain circumstances (for example, where extensive retrieval or compilation is required).

In some circumstances, we may refuse access or correction in accordance with the Privacy Act (for example, where providing access would pose a serious threat to the life or health of any individual, or would unreasonably impact the privacy of other individuals). If we refuse your request, we will provide you with written reasons and information about how you may complain about the refusal.

14. Complaints

If you believe we have breached the APPs, the Privacy Act, or otherwise mishandled your personal information, you may lodge a complaint with us. Please direct your complaint in writing to our Privacy Officer using the contact details in Section 15.

We will acknowledge your complaint within 7 days and investigate the matter promptly. We aim to resolve all complaints within 30 days. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au

If your complaint relates to credit reporting information, you may also lodge a complaint directly with the relevant credit reporting body.

15. Contact Us

If you have any questions about this Privacy Policy, wish to make an access, correction, or complaint request, or wish to opt out of direct marketing, please contact our Privacy Officer:

• Privacy Officer, Astro Capital Finance Pty Ltd
• Suite 901, 54 Miller Street, North Sydney NSW 2060
• Email: loans@astrocapital.com.au
• Phone: 1300 278 761

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. Any changes will be posted on this page with an updated "Last updated" date. Where changes are significant, we will take reasonable steps to notify you (for example, by email or by placing a prominent notice on our website). We encourage you to review this policy periodically.

You may also wish to review our Terms of Service.