Your Privacy Matters to Us
This Privacy Policy explains how Consolidated Funding Group Pty Ltd trading as Fairbanks Financial Group collects, uses, holds and discloses your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs) and the Privacy (Credit Reporting) Code 2024.
1. Overview
Consolidated Funding Group Pty Ltd trading as Fairbanks Financial Group (ACN 119 381 832, ACR 481272) ("Fairbanks", "we", "us", "our") is a licensed mortgage broker operating under the National Consumer Credit Protection Act 2009 (Cth). We are bound by the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles.
This Policy applies to all personal information we collect through our website at fairbanksgroup.com.au, our mobile applications, in-person consultations, telephone interactions, and through our online portals (including Fairbanks Intelligence). We encourage you to read this Policy carefully.
2. Information We Collect
We collect the minimum personal information necessary to provide our credit assistance services. The types of personal information we may collect and hold include:
Identity Information
- Full legal name
- Date of birth
- Driver's licence or passport number
- Residential address (current and previous)
- Citizenship and visa status
Financial Information
- Income, employment status and employer details
- Assets and liabilities
- Existing loan and credit card details
- Bank statements and payslips
- Tax return information (if applicable)
Credit Information
- Credit scores and credit file details
- Repayment history information
- Default information
- Court judgments and insolvency information
- Credit enquiry history
Contact & Digital Information
- Email address and phone number
- IP address and browser/device data
- Website usage patterns and session data
- Communication records and call recordings
- Social media profile data (if provided)
We collect sensitive information (such as health information relevant to loan serviceability) only where it is reasonably necessary to provide our services, and always with your consent unless required or authorised by law.
Where practicable, you may deal with us anonymously or under a pseudonym. However, this is generally not possible when you engage us to arrange credit on your behalf, as we are required to verify your identity under the NCCP Act 2009.
3. How We Collect Your Information
We collect personal information in the following ways:
Directly from you
Via online application forms, rate review forms, contact forms, telephone conversations and in-person consultations.
From lenders and credit providers
When you authorise us to obtain information on your behalf from banks, non-bank lenders and other financial institutions.
From credit reporting bodies
Including Equifax, Experian and illion, when you authorise a credit enquiry as part of your loan application.
From government agencies
Such as the ATO, DVS (Document Verification Service) for identity verification, and state/territory revenue offices.
Via our website and digital platforms
Through cookies, web analytics, session tracking and our Fairbanks Intelligence platform.
From referral partners
When a referral partner introduces you to our services with your prior consent.
We will take reasonable steps to notify you of the purpose of collection at or before the time of collection, unless you have already been notified or notification would be impracticable.
4. Use and Disclosure of Your Information
We use your personal information for the following primary purposes:
- Assessing your borrowing capacity and loan eligibility
- Providing credit assistance and mortgage broking services
- Submitting loan applications to lenders on your behalf
- Managing and servicing your existing loan arrangements
- Conducting identity and anti-money-laundering (AML/CTF) verification
- Complying with our regulatory obligations under the NCCP Act, Privacy Act and AML/CTF Act
- Communicating with you about your application, products and services
- Improving our services through analytics and research (using de-identified data)
- Marketing our services to you where you have consented or where permitted by the Spam Act 2003
We may disclose your personal information to the following types of third parties:
| Recipient | Purpose |
|---|---|
| Banks, non-bank lenders & credit providers | Processing loan applications and credit assessments |
| Credit reporting bodies (Equifax, Experian, illion) | Credit enquiries, verification and reporting |
| Mortgage aggregators & compliance platforms | Loan lodgement systems and compliance oversight |
| Legal and accounting professionals | Legal advice, settlement and tax matters relating to your loan |
| Government agencies (ATO, ASIC, AUSTRAC) | Regulatory reporting, AML/CTF compliance and identity verification |
| IT service providers and cloud infrastructure | CRM systems, document management and data storage (Australian-hosted where possible) |
| AFCA (Australian Financial Complaints Authority) | If you raise a complaint that is escalated to AFCA |
We will not sell, rent, or trade your personal information to any third party for their marketing purposes.
5. Overseas Disclosure
Under APP 8, we are required to disclose whether we are likely to disclose personal information to overseas recipients. In the ordinary course of providing our services, we may disclose personal information to the following overseas recipients:
United States
Cloud infrastructure and software-as-a-service providers (e.g., AWS, Microsoft Azure, Salesforce, Google Workspace) that store or process data on servers located in the US.
United Kingdom
Certain compliance and document verification platform providers that maintain EU/UK-based data centres as a backup to Australian-region servers.
Philippines
Offshore administration support staff who may assist with loan processing under strict confidentiality obligations and data handling agreements.
Before disclosing personal information overseas, we take reasonable steps to ensure the overseas recipient does not breach the APPs. In some cases we rely on the exception in APP 8.2(b) where you have been notified of a risk and have consented. Where practicable, overseas recipients are required to enter into data processing agreements consistent with Australian privacy law.
6. Credit Information & the Credit Reporting Code
As a credit intermediary, we handle credit information subject to additional protections under Part IIIA of the Privacy Act and the Privacy (Credit Reporting) Code 2024. Credit information we may collect includes:
- Credit enquiry information and credit scores
- Repayment history information (24-month payment record)
- Default information and clearance notices
- Financial hardship arrangements
- Court judgments related to credit
- Bankruptcy and personal insolvency information
We obtain credit information from credit reporting bodies only with your express consent, generally obtained when you submit a loan application or authorise us to conduct a credit assessment on your behalf.
You have the right to request that credit reporting bodies place a ban on the use or disclosure of your credit information under APP 13A. Contact the relevant credit reporting body directly (Equifax 13 83 32, Experian 1300 783 684, illion 1300 734 806) to request a ban or to access your credit report for free once per year.
7. Data Security
Under APP 11, we are required to take reasonable steps to protect the personal information we hold from misuse, interference, loss, unauthorised access, modification and disclosure. Our security measures include:
Technical Measures
- 256-bit TLS encryption for all data in transit
- AES-256 encryption for data at rest
- Multi-factor authentication (MFA) on all systems
- Role-based access controls and least-privilege access
- Regular penetration testing and vulnerability assessments
- Intrusion detection and monitoring systems
Organisational Measures
- Annual privacy training for all staff and contractors
- Privacy impact assessments for new systems and processes
- Binding confidentiality agreements with all staff and third parties
- Clear desk and clear screen policies
- Documented data breach response plan
- Regular privacy compliance audits
Notifiable Data Breaches Scheme
Fairbanks is subject to the Notifiable Data Breaches (NDB) Scheme under Part IIIC of the Privacy Act. If we experience an eligible data breach — one that is likely to result in serious harm — we will:
- Notify the OAIC as soon as practicable
- Notify all affected individuals directly or via a prominent notice on our website
- Provide recommendations on the steps they should take to reduce harm
8. Data Retention
We retain personal information for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Specific retention periods include:
| Information Type | Retention Period | Legal Basis |
|---|---|---|
| Loan application files (settled loans) | 7 years from settlement date | NCCP Act 2009 s.160F; ATO record-keeping |
| Loan application files (declined/withdrawn) | 7 years from decision date | NCCP Act 2009; Credit Reporting Code 2024 |
| Identity verification documents | 7 years from last transaction | AML/CTF Act 2006 s.106 |
| Credit information | 7 years (as reported by CRBs) | Privacy (Credit Reporting) Code 2024 |
| Call recordings | 90 days (general) / 7 years (complaints) | Internal policy; AFCA requirements |
| Website analytics data | 26 months (rolling) | Internal policy (de-identified after 12 months) |
| Marketing consents and opt-outs | 7 years from last contact | Spam Act 2003; Do Not Call Register Act 2006 |
When we no longer need to retain your personal information, we will take reasonable steps to destroy or de-identify it in accordance with our Data Destruction Procedure.
9. Your Right to Access and Correct Your Information
Under APP 12, you have the right to request access to the personal information we hold about you. Under APP 13, you may request correction of that information if it is inaccurate, incomplete or out of date.
Access Request
Submit a written request to privacy@fairbanksfinancial.com.au. We will respond within 30 days. Identity verification will be required before access is granted. We do not charge for access requests but may charge a reasonable fee for requests that are complex or voluminous.
Correction Request
If you believe information we hold is incorrect, contact us and we will update our records or append a statement of correction within 30 days. If we decline to correct information, we will explain why and advise you of your right to complain to the OAIC.
Grounds on which we may refuse an access request include where disclosure would reveal personal information about another individual, or where access would be prejudicial to an investigation of unlawful activity.
11. Automated Decision-Making
Our website uses automated tools that may assist in generating indicative outputs. Specifically:
- Borrowing Power Calculators and Rate Tools — these use algorithmically-generated indicative outputs based on your inputs. They are not credit assessments and do not constitute credit advice.
- Fairbanks Intelligence Platform — uses analytical algorithms to identify rate change alerts, equity milestones and refinance triggers for your loan. These are informational tools only; all actual credit decisions are made by human brokers.
- Lender pre-qualification tools — some lenders use automated systems in their initial credit assessment. We will disclose this to you where known.
No fully automated credit decision is made by Fairbanks without human review. All formal credit recommendations are made by our licensed brokers who consider your individual circumstances.
12. Privacy Complaints
If you believe we have mishandled your personal information or breached the APPs, you have the right to make a complaint. We take all privacy complaints seriously.
Step 1 — Contact Us First (IDR)
Submit your complaint in writing to privacy@fairbanksfinancial.com.au. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.
Step 2 — Escalate to the OAIC (External)
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au, phone 1300 363 992, or GPO Box 5218, Sydney NSW 2001.
Step 3 — Financial Complaints to AFCA
For complaints relating to our credit assistance services (not limited to privacy), you may contact AFCA at www.afca.org.au or 1800 931 678 — AFCA Membership No. 48367.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or for other operational reasons. When we make material changes, we will:
- Update the "Last Reviewed" date at the top of this page
- Place a prominent notice on our website for 30 days
- Where the changes are significant, notify clients via email
Your continued use of our services after notification of changes constitutes your acceptance of the revised policy.
14. Contact Our Privacy Officer
For any privacy-related enquiries, access requests or complaints, please contact our Privacy Officer:
Regulatory Bodies
OAIC: www.oaic.gov.au · 1300 363 992 | ASIC: www.asic.gov.au | AFCA: www.afca.org.au · 1800 931 678