Whenever it is reasonable and practicable to do so, we collect personal information about you directly from you. In some cases, your personal information may be provided to us by third parties such as business associates, agents, credit reporters or credit bodies. If you are asked to provide information about others it is your responsibility to ensure that you have their consent or are otherwise entitled to provide this information to us.
We may also collect personal information that we request from you regarding your use of our services or that we collect automatically from your visits to our websites.
It is your responsibility to provide us with current and accurate personal information so that we can provide our services to you.
Some examples of personal information that we might collect include:
If you or your organisation prefers, it may remain anonymous to the extent that the name of the organisation need not be provided to us or in being provided it is marked in a way that indicates that you prefer not to be personally identified. However, all data necessary for contractual relations to exist in real time must be provided if we are to be able to fully supply you with our services.
In circumstances where we are required to do so, or are authorised by law, a court or tribunal to ask for your identification, we will request your personal information.
Further it is likely that it will be impractical for us to interact with you without some form of identification, and therefore we may request identification details from you at the beginning of each transaction. For example, we will not be able to open a commercial credit trading account or process a commercial credit application for you without obtaining identification details.
How we collect and hold personal information
We will collect your personal information through our interactions with you. We may also collect personal information from other credit providers, credit reporters and any other third parties for the purposes of our functions and activities including, but not limited to, credit, sales, marketing and administration.
We will only collect and hold personal information which is relevant to the operation of our company.
How we will hold your personal information
We will take steps to hold personal information in a manner which is secure and protected from unauthorised access.
Your information may be held in either a psychical form or in electronic form on our IT system. We will take steps to protect the information against the modification, disclosure or misuse by including such things as physical restrictions, password protection for accessing electronic IT systems.
We will also endeavour to ensure that our service providers have protection for electronic IT systems and other necessary restrictions.
We will endeavour to ensure our staff are trained with respect to the security of the personal information we hold and we will restrict any access where necessary.
We will endeavour to destroy and de-identify the personal information once it is no longer required. In the event we hold personal information that is unsolicited and we were not permitted to collect it, the personal information will be destroyed as soon as practicable.
Meeting regulatory requirements
We only collect and hold personal information by lawful and fair means.
We also collect your personal information in order to satisfy our regulatory obligations under applicable laws and rules.
In some circumstances, we may collect and hold personal information that has been collected from a thirdparty or publicly available source. This will likely occur in instances where:
In certain circumstances, your information may be disclosed where required or authorised by law, for example, to government and regulatory authorities or in emergency situations and when assisting in lawful enforcement.
We may use your personal information for the functions or activities of our company, for example:
We may also collect personal information for both the primary purposes specified herein and purposes other than the primary purposes, including the purpose of direct marketing.Direct marketing
You consent to us directly marketing our products and service offerings to you. You may withdraw your consent and opt out at any time by making a request (by email), or using the unsubscribe facility, to us not to receive direct marketing communications from us or any company we may approve.
We restrict the disclosure of an individual's details to only those organisations and individuals that we feel you would reasonably expect to receive direct marketing material from. Third parties to which we provide personal information will only use it for the purposes for which it is collected or otherwise as permitted by law.
You consent to us providing personal information about you to:
We will endeavour to only use and disclose personal information for the primary purposes noted above in relation to the functions or activities of our company. We may disclose your personal information to administrators who assist in the administration of your account from time to time.
Subject to our confidentiality obligations, we may disclose your personal information with anyone that you have given us permission to, any person acting on your behalf or a person or MHL partner who may have introduced you to us.
We may disclose your personal information to third parties to assist us in providing our services. Your information will be disclosed to third parties on a confidential basis and only if that disclosure is necessary to provide you with our services.
We may use and disclose your personal information for other purposes than you have consented to.
Disclosure to Credit Reporting Bodies ("CRB's")
We may disclose personal information to a CRB in accordance with the permitted disclosures as defined under the Act and the Credit Reporting Privacy Code 2020.
A copy of the credit reporting policy for the CRB's used is available on request either through a link to the CRB's website or hard copy if required.
From time to time we may send your information overseas, including to overseas Group members and to service providers or other third parties who operate or hold data outside New Zealand. Where we do this, we ensure that appropriate data handling and security arrangements are in place. Please note that New Zealand law may not apply to some of these entities.
Customer information is stored in databases shared by the MHL group (and its related bodies corporate) situated in Australia, New Zealand and equivalent jurisdictions. MHL may also disclose your personal information to companies that are part of the MHL corporate family which may be located overseas (in which case your personal information will remain confidential and will only be used for the purpose for which the information is collected).
We use secure servers in order to store your personal information and ensure proper data storage. We take all reasonable measures to protect personal information that we hold from misuse, loss, unauthorised access, modification or disclosure.
If you provide paper-based documentation, we may retain the paper documents in addition to saving copies in an electronic format.
In addition to sharing your information with the MHPL corporate family, we may store your data using overseas cloud storage products as well as other overseas information technology products and services, where we reasonably believe that the overseas recipient is subject to laws that protect the information in a substantially similar way to the IPP's. We will take reasonable steps to ensure that the overseas recipient does not breach the IPP's in relation to the information. We will only transfer personal information outside New Zealand to a third-party recipient, if the recipient of the information agrees (or is compelled) to comply with privacy policies that are in accordance with (or are more stringent than) the IPP's.
Where you apply to us for credit or propose to be a guarantor, one of our checks involves obtaining a credit report about you.
You consent to us obtaining and making disclosure of Information about you from and to a CRB and/or another credit provider for a commercial credit related purpose and/or a credit guarantee purpose and/or a consumer credit purpose and/or another related purpose.
You have special rights under privacy laws and credit reporting requirements in relation to dealings with CRBs. You may access your Summary of Rights under the Credit Reporting Privacy Code 2020 on a CRB's website.Credit reports
A credit report contains information about your credit history which helps credit providers assess your credit applications, verify your identity and manage accounts you hold with them. Credit reporting bodies collect and exchange this information with credit providers like us and other service providers such as phone companies.
The Act and the Credit Reporting Privacy Code 2020 limits the information that credit providers can disclose about you to credit reporting bodies, as well as the ways in which credit providers can use credit reports.Information exchanged with credit reporting bodies
The information we can exchange includes your identification details, what type of credit has been extended to you, the amount of credit extended to you, whether or not you have met your credit obligations and if you have committed a serious credit infringement (such as fraud). We also ask the CRB to provide us with an overall assessment score of your creditworthiness.Use and storage of credit-related information
We use information from credit reporting bodies to confirm your identity, assess applications for credit, manage our relationship with you and collect overdue payments. We may also use this information as part of arriving at our own internal assessment of your creditworthiness.
We store credit-related information with your other personal information. You can access credit-related information we hold about you, request us to correct the information and make a complaint to us about your credit-related information.
If you've been, or have reason to believe that you're likely to become, a victim of fraud (including identity fraud), you can ask the CRB not to use or disclose the credit-related information it holds about you.
You can contact us to access, correct or update your personal information.
We will investigate and deal with your correction request or complaint in a fair, efficient and timely manner. We will respond within 20 days.
You can make a request for access by contacting your local Service Centre, or alternatively, by sending an email or letter addressed to our Privacy Officer, details specified below.
The Privacy Officer
Metal Manufactures Pty Limited
Phone: +61 2 8839 9000
With any request that is made we will need to authenticate your identity to ensure the correct person is requesting the information.
We will not charge you for making the request, however if reasonable we may charge you with the costs associated with your request.
You will only be granted access to your personal information where we are permitted or required by law to
grant access. We are unable to provide you with access that is unlawful.
MHL may deny access to information in certain circumstances as permitted by law. For example, there are exemptions as specified in the Act where access may be denied. If this is the case, we will provide you with the reason for our decision.
Should we hold personal information and it is inaccurate, out of date, incomplete, irrelevant or misleading, or incorrect you have the right to make us aware of this fact and request that it be corrected.
If you would like to make a request to correct your information please contact your local Service Centre or our Privacy Officer on the details above. If we refuse a correction request, you will be provided with a written notice stating the reasons for refusing and you will be entitled to provide, and have attached to the information, a statement of the correction sought but not made.
In assessing your request, we need to be satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading. We will then take all reasonable steps to ensure that it is accurate, up to date, complete and not misleading.
We will normally resolve any correction requests within 20 days. If we require further time we will notify you in writing and seek your consent.
In the event that you wish to make a complaint about a failure of us to comply with our obligations in relation to the Act or the IPP's please raise this with our Privacy Officer on the contact details below:
The Privacy Officer
Metal Manufactures Pty Limited
Phone: +61 2 8839 9000
In dealing with your complaint, we may need to consult another credit provider or third party.
If you are not satisfied with the process of making a complaint to our Privacy Officer you may make a complaint to the Privacy Commissioner. Details of which are below. We suggest you do this only after you have first followed our internal complaint processes.
Office of the New Zealand Privacy Commissioner:
Address: Office of the Privacy Commissioner, PO Box 10094, Wellington 6143
Telephone: 0800 880 214
The Privacy Commissioner can decline to investigate a complaint on a number of grounds, including where the complaint wasn't made at first to us.
For further information about the IPP's, the Privacy Act, or the Credit Reporting Privacy Code please visit the Office of the Privacy Commissioner's website at https://www.privacy.org.nz/
This document does not create any additional rights under contract, statute or equity law.