We comply with all relevant privacy laws, including the requirements applicable to us under the Australian Privacy Act 1988 (Privacy Act) and relevant State laws.
We collect information about you when you access and use our services through our Websites. The types of information we collect will depend on the type of product or service requested by you.
We collect personal information in the provision of our services, including the marketing of our services. We collect personal information so that we can provide products, services and information to you.
We also collect information where we are required to do so by law.
The types of personal information we collect depends on the circumstances in which the information is collected. The types of personal information we collect may include:
We collect information about people who are our suppliers, business customers and business partners, or who are employed by our suppliers, business customers and business partners. The information we collect is that which we need to do business with that party.
If you are a mortgage broker and apply to be a Canstar Certified Mortgage Broker, we collect the information that you provide to us in our application form (including the information in any supporting documents you upload with your application) or as part of our application process, and other information that we independently collect from you or third parties to verify the details that you provide to us and to verify your suitability to be a Canstar Certified Mortgage Broker. We also collect information to audit your compliance with the Canstar Certified Mortgage Broker agreement and program.
We collect information about people who visit our offices and attend our events. This may include photographs and video, and your signature when you sign in.
We may record and monitor telephone calls and other communications between you and us for training, quality control, verification and compliance purposes.
When you communicate with us, we may collect additional information including the languages you speak and how best to manage communications with you.
We do not seek to collect sensitive information, unless it is necessary for our business purposes. Sensitive information includes information about your health, racial or ethnic origin, religious beliefs and criminal record. If we do have to collect sensitive information, we will do so in accordance with the Australian Privacy Principles — for example, we will only collect sensitive information about you with your consent and where it is reasonably necessary for us to do so, or if we are otherwise allowed or required by law to collect that information. If you provide us with sensitive information, we will consider that you have consented to us collecting it.
When using our Websites, we and our technology partners may collect information about you and how you use our Websites. We may collect information such as:
We also collect some statistical information about visitors to our Websites (for example, the number of visitors, pages viewed, types of transactions conducted, time online and documents downloaded), but this is not personal information when we aggregate this information so that no person can be identified from the statistical information.
We may use publicly available sources to approximate your geographic region and Internet Service Provider based on your IP address. We use various technologies to collect and store information, including cookies, pixel tags, tracking tags, and local storage such as browser web storage or application data caches, databases, and server logs. These technologies help us track your usage and remember your preferences.
Other than for statistical information and user behaviour on our Websites, we do not collect any information about you through our Websites unless you voluntarily provide the information to us.
Analytics cookies and tracking tags may also be used to collect information about your use of our website (visitation data) that allow our third-party website analytics services (e.g. Google Analytics) to help us analyse trends and understand our website users’ behaviour patterns in the aggregate.
These technologies can also be used for targeted marketing, including across platform marketing. Sometimes, for example, your use of a Canstar Website may be used by a third party to target advertisements to you on a non-Canstar website or App. Canstar may allow a third party service provider to collect anonymous data about your use of a Canstar website. You may opt-out. See https://www.lotame.com/about-lotame/privacy/privacy-manager-opt-out/ for more information.
Information collected by the Google Analytics cookie or tracking tag is transmitted to, and stored by, Google in accordance with its privacy practices. To opt out of Google Analytics, please visit: https://tools.google.com/dlpage/gaoptout
For further information about Google’s targeted advertising systems, please visit: https://policies.google.com/technologies/partner-sites
You can visit this page to opt out of targeted advertising if the advertiser is a member of NAI.
We collect personal information in a number of ways, including:
If you choose not to provide us with information, we may be unable to supply products or services to you or we may not be able to provide you with products, services or information that is relevant to you.
We may use and disclose your personal information for the following purposes:
If you’ve used one or more of our services, you consent to us contacting you with further information or reminders about our services, or to provide you with information that we think may be of interest to you.
To provide our newsletters and to communicate account and promotional information to you, you may be contacted by us via a number of means including e-mail, SMS and phone communications, push notifications, social media posts or chats, hardcopy mail and other similar means. If you have provided us with your email address or subscribed to any of our newsletters, we may send you information from time to time that we think is relevant to you and your interests. Should you not wish to receive communications of this nature from us, you may unsubscribe or opt-out:
If you unsubscribe from marketing communications, this will not stop you receiving service-related communications from us if we are otherwise legally entitled to send them to you.
We only disclose personal information for a purpose for which it was collected, or for a secondary purpose in circumstances permitted by law. This includes where you consent to us disclosing your personal information. You can give us your consent expressly or your consent may be implied.
We may disclose your personal information:
We may publish the names of competition or scholarship winners as set out in the terms and conditions of the relevant competition or scholarship.
We may use your personal information, such as your email address, to match information about you from other websites. If we do this, we will encode your email address so that anyone we share it with will not be able to identify you.
Where you have agreed to the terms of this Policy, you consent to the disclosure of your personal information as set out above.
Sometimes, we disclose personal information to a third party who has the right to use our brand or logo. The third party may provide products or services, or operate a website or App, but these are not our products, services, websites or Apps. We do not accept responsibility for the privacy practices of the third parties in these circumstances.
We may disclose your personal information to organisations outside of Australia, including to our related bodies corporate, to contractors, and providers of payment services. The disclosure may be to organisations located in New Zealand, the United States, Philippines and India.
Data used and stored by Canstar is mostly hosted in Australia. Canstar may store your personal information on servers in web hosting facilities outside of Australia.
The Australian Privacy Principles require that we take reasonable steps, dependent on the circumstances, to ensure that the overseas service provider to whom personal information is disclosed does not breach Australian privacy laws (the “Requirement”). When you provide us with your personal information you consent to the disclosure of your information to an overseas provider. Your consent to this disclosure means that the Requirement does not apply and Canstar will not be held accountable under the Privacy Act for any breaches of the Privacy Act by the overseas provider.
Canstar takes security seriously. We do this in accordance with a security governance framework that includes policies, procedures, systems and security controls.
We only collect and store data that we need to help you find the right products for you.
Where you access tools that require us to verify your identity using identification documents we do not store this information but securely send it to the nominated third party.
Where we do store information, we utilise data encryption that is best practice in the financial services industry and any personal information is only retained for as long as is necessary or as required by law.
We will not share your data without making this clear to you when you use our service and we take all reasonable steps to protect your personal information from misuse, loss and unauthorised access.
You may complete a Canstar Account Registration when you sign up to use parts of the site. This may include the creation of user password and other information. Any details should be kept confidential by you and not disclosed or shared with anyone.
We continuously monitor and update our Website security to minimise the risk of hacking. Access to personal information stored electronically is restricted to staff and contractors whose job purpose requires access.
Although due care is taken, we cannot guarantee the security of information provided to us via electronic means or stored electronically. No security measures are perfect and we cannot promise to be able to withstand security threats in all circumstances, although we take every precaution possible.
Credit Score Service
By using the Credit Score service, you confirm to Canstar that:
You can request access at any time to personal information we hold about you by using the contact details below for the Privacy Officer.
We will process your request within a reasonable time, usually 21 days for a straightforward request. More time may be needed, depending on the nature of the request. There is no fee for requesting access to your personal information; however, we may charge you the reasonable cost of processing your request. If a fee applies, we will advise you before we provide access. Sometimes we are not required to provide you with access – for example, if the law says we can deny access.
If there is a reason for not granting you access to any of your personal information, we will provide you with a written explanation of the reasons for the refusal (unless unreasonable to do so) and inform you of the mechanisms to complain about the refusal.
We may also need to verify your identity when you request your personal information.
We try to ensure that all information we hold about you which we hold about you is accurate, complete and up to date. You must promptly notify us if there are any changes to your personal information. You may ask us at any time to correct personal information held by us about you, which you believe is incorrect or out of date. We will deal with your request within a reasonable time.
If you would like to make an update or correction to any personal information we hold about you, please let us know by sending an email to firstname.lastname@example.org. If there is a reason for not making a correction to any personal information, we will provide you with a written explanation of the reasons for the refusal (unless unreasonable to do so) and inform you of the mechanisms to complain about the refusal.
We may also need to verify your identity when you request an update or correction to your personal information.
For further information, or if you would like to make a complaint about our use, handling or disclosure of your personal information, please contact our Privacy Officer or refer your complaints in writing to email@example.com.
Following receipt of your complaint, we will investigate and respond to you within a reasonable period of time.
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
If you would like more information about the Privacy Act or Australian privacy requirements in general, please visit the Office of the Information Commissioner’s website at www.oaic.gov.au.
Canstar will never send you emails requesting bank account details.
If you receive a call from someone claiming to be from Canstar, Canstar Blue or RateCity offering to sell you a product or service, these calls are fraudulent. These scams are also known as ‘cold calling’, with scammers sometimes pretending to be a sales team member.
Scammers also send ‘phishing’ emails asking consumers to ‘verify’ and ‘record’ personal financial details or to view a document by clicking on a link. These links often lead to fake websites. Do not reply to these types of emails and do not click on any links.
Please do not provide any information in response to unsolicited phone calls or phishing emails. If you’ve received a telephone call or an email of this type, please contact us immediately on 1300 882 343.
Canstar means CANSTAR Pty Limited A.C.N. 053 646 165, AR 443019.
Subsidiary means Canstar Blue Pty Ltd, RateCity Pty Limited, and any company, trust or other entity that is a subsidiary of Canstar within the meaning of the Corporations Act 2001 (Cth) or an entity which is, for the purposes of section 50AA of the Corporations Act 2001 (Cth), under the “control” of Canstar.
Websites means any websites, social media pages, Apps or widgets operated by Canstar or its Subsidiaries that are targeted at consumers in Australia. In some circumstances, Canstar widgets appear on third party websites (and will be labelled “powered by Canstar” or “powered by RateCity”) but the third party does not collect, use or access any personal information that you input via the widget.
We are proud to operate the following brands in Australia: CANSTAR, CANSTAR BLUE, RATECITY.
For privacy policies applicable to operations in other countries where we operate, please refer to those country-specific privacy policies.