Our Commitment to Privacy

At Canstar, we recognise the importance of protecting your privacy.  We take privacy seriously.  We attach great importance to safeguarding customer personal information.  Our Privacy Policy outlines the commitment of Canstar Pty Ltd (ACN 053 646 165) and its Subsidiaries (“Canstar” or “we”, “us” or “our”) to protect the privacy of our customers’ personal information and other personal information we receive in the conduct of our business.  We hope that you take the time to read our Privacy Policy.

We comply with all relevant privacy laws, including the requirements applicable to us under the Australian Privacy Act 1988 (Privacy Act) and relevant State laws.

Our Privacy Policy

Our Privacy Policy sets out how we look after personal information.  It explains the kinds of personal information we collect and why we collect it.  It also describes how we hold, use, and disclose personal information.

Defined terms are at the end of this Privacy Policy.

This Privacy Policy applies to our customers in Australia.  If you are in New Zealand, please refer to our New Zealand privacy policy.

This Privacy Policy applies to our Australian Websites.  This Privacy Policy does not apply to websites that we do not operate, such as linked third party websites.  Those website owners are responsible for the privacy of the information they collect and should be contacted directly for details of their privacy policies.  If we refer you to a third party website, we are not making any representations to you regarding the privacy or security of your Personal Information when collected or held by the other website.  The privacy practices applicable to other websites may differ substantially from ours.  You should read the privacy policy of any other websites you visit before using them.  We do not accept responsibility for the content or practices of websites operated by third parties that are linked from our Websites.

This Privacy Policy also applies to job applicants.  We have a separate Staff Privacy Policy for employees and contractors.

By using our Websites, or by providing personal information to us, you agree to the terms of our Privacy Policy.  If you open a Canstar account or sign up to use a Canstar tool or service, you agree to the terms of our Privacy Policy as part of the account opening or sign-up process. When you agree to the terms of our Privacy Policy, you consent to the collection, use, storage and disclosure of that information as described in our Privacy Policy.

What personal information do we collect?

Because we strive to provide you with personalised services showing the information most relevant to you, we collect personal information about you.  We will only use that personal information in accordance with this Privacy Policy.

We collect information about you when you access and use our services through our Websites.  The types of information we collect will depend on the type of product or service requested by you.

We collect personal information in the provision of our services, including the marketing of our services.  We collect personal information so that we can provide products, services and information to you.

We also collect information where we are required to do so by law.

The types of personal information we collect depends on the circumstances in which the information is collected. The types of personal information we collect may include:

  • Your name and contact details
  • Your age or date of birth and gender
  • Your postcode
  • Identification verification information, such as your passport or driver’s licence details that you provide to us to verify your identity
  • Your Google or Facebook profile information identified in the ‘Log in’ form, if you choose to log in or sign up to our Website using Google or Facebook
  • Information regarding your use of our products and services
  • Information about products and services of others that you use or may like to use
  • Information sourced from other products and services that you use, where you give us consent to collect and consolidate that information
  • If you provide it to us, the name of your product provider, credit provider or product details for specific products that you hold and services you use
  • Information about where you live, properties that you own or rent, and vehicles that you use
  • Information about who is in your family and your dependents
  • How you make payments to us, and how we make payments to you, such as your banking and payment details. This could include bank account and debit or credit card details (see further details below regarding credit card payments).
  • Information regarding your use of our Websites including searches you undertake on our Websites and information that you provide to us via our Websites (for example if you use a forum, feedback/rating tool, calculator, online survey or other tool or input form on our Websites)
  • Information about your use of our social media content
  • Information relating to the products and services that we or our business partners provide to you
  • Records of communications and dealings with you, such as emails, SMS, telephone, live chat and in-person communications
  • Location information
  • Financial information, including information about or relevant to the financial products that you have or are interested in having
  • Information we may collect as part of a survey, customer feedback request or a competition
  • Information that you provide to us, for example, when completing an application, for verification or as evidence in respect of a complaint
  • Information and opinions about you that are provided to us by others, such by credit reporting bureaus
  • Information that we derive from the information that we hold about you, such as derived demographic information
  • If you apply to work for us: Your resume, information about your past work and study, references and police background checks.

We collect information about people who are our suppliers, business customers and business partners, or who are employed by our suppliers, business customers and business partners.  The information we collect is that which we need to do business with that party.

We collect information about people who visit our offices and attend our events. This may include photographs and video, and your signature when you sign in.

We may record and monitor telephone calls and other communications between you and us for training, quality control, verification and compliance purposes.

When you communicate with us, we may collect additional information including the languages you speak and how best to manage communications with you.

We do not seek to collect sensitive information, unless it is necessary for our business purposes.  Sensitive information includes information about your health, racial or ethnic origin, religious beliefs and criminal record.   If we do have to collect sensitive information, we will do so in accordance with the Australian Privacy Principles — for example, we will only collect sensitive information about you with your consent and where it is reasonably necessary for us to do so, or if we are otherwise allowed or required by law to collect that information.  If you provide us with sensitive information, we will consider that you have consented to us collecting it.

Additional information regarding collection when using our Websites

When using our Websites, we and our technology partners may collect information about you and how you use our Websites.  We may collect information such as:

  • which services you use and how you use them
  • your use of the Website, such as pages visited, links clicked, text entered, and mouse or cursor movements, and when you visit each page
  • device information, such as the model and ID of the device you use, operating system, telephone number and mobile phone network
  • server log information, such as details of how you used the service, IP address, hardware settings, browser type, browser language, the date and time of your use and referral URL
  • information that may uniquely identify your browser or your account
  • your user name and password, if you create an account with us or use a service that requires login information
  • location information.

We also collect some statistical information about visitors to our Websites (for example, the number of visitors, pages viewed, types of transactions conducted, time online and documents downloaded), but this is not personal information when we aggregate this information so that no person can be identified from the statistical information.

We may use publicly available sources to approximate your geographic region and Internet Service Provider based on your IP address.  We use various technologies to collect and store information, including cookies, pixel tags, tracking tags, and local storage such as browser web storage or application data caches, databases, and server logs. These technologies help us track your usage and remember your preferences.

Other than for statistical information and user behaviour on our Websites, we do not collect any information about you through our Websites unless you voluntarily provide the information to us.

Analytics cookies and tracking tags may also be used to collect information about your use of our website (visitation data) that allow our third-party website analytics services (e.g. Google Analytics) to help us analyse trends and understand our website users’ behaviour patterns in the aggregate.

These technologies can also be used for targeted marketing, including across platform marketing.  Sometimes, for example, your use of a Canstar Website may be used by a third party to target advertisements to you on a non-Canstar website or App.  Canstar may allow a third party service provider to collect anonymous data about your use of a Canstar website.  You may opt-out.  See https://www.lotame.com/about-lotame/privacy/privacy-manager-opt-out/ for more information.

Information collected by the Google Analytics cookie or tracking tag is transmitted to, and stored by, Google in accordance with its privacy practices. To opt out of Google Analytics, please visit: https://tools.google.com/dlpage/gaoptout

For further information about Google’s targeted advertising systems, please visit: https://policies.google.com/technologies/partner-sites

You can visit this page to opt out of targeted advertising if the advertiser is a member of NAI.

How we collect Personal Information

We collect personal information in a number of ways, including:

  • directly from you, for example, when you give it to us
  • when you enter your personal details on our Websites
  • when you create an account with us or update your account details
  • when you complete an entry form for a competition or participate in a survey
  • when you apply to work for us
  • when you use our products or services, including from your use of our Websites
  • when you email, text or telephone us, engage in live chat or when you share information with us from other social applications, services and websites
  • when you interact with our Websites, online content and advertising
  • when you visit or offices or attend our events, for example, you may be photographed or captured on CCTV
  • from publicly available sources of information, including third parties from whom we may acquire lists
  • from businesses and organisations you ask to be referred to or to provide us with information about you
  • from third parties, such as banks, regulators, payment channel providers, mortgage brokers, credit providers, financial service providers, energy providers and your family members
  • using technology to deduce information about you, such as demographic information
  • if you are or work for a supplier or business customer of Canstar, or a potential supplier or business customer, as part of business detailings with you
  • from your employer, if your employer is a supplier or business customer of Canstar
  • from background check providers, former employers, referees, and educational institutions, if you apply to work for us.

If you choose not to provide us with information, we may be unable to supply products or services to you or we may not be able to provide you with products, services or information that is relevant to you.

Use and Disclosure of Personal Information

We may use and disclose your personal information for the following purposes:

  • to provide our products and services to you
  • to identify you and to assist you to obtain and use our products and services and the products and services of others
  • to consider your eligibility for our products and services and the products and services of others
  • to refer you to businesses and organisation that you ask us to be referred to
  • to assist you establish or switch a third party product or service when you ask us to assist you do so
  • to administer and manage our services
  • to help us decide how we can improve our service delivery to you
  • to provide you with information that we think may be of interest to you
  • provide you with relevant and timely advertising
  • to send push notifications and messages to your device to provide you with relevant information, updates and offers
  • to complete transactions with you
  • to respond to inquiries from you
  • to provide you with customer support
  • if you request us to do so, to help you establish or switch a service with another, such as establishing a home loan or switching your electricity provider
  • to create reports for our management and business partners
  • to ensure that you comply with all relevant laws and your contractual obligations to us
  • to process payments
  • to review your dealings with us, including the products and services you use, your potential needs, and new products that might be of interest to you or other customers
  • to improve our Websites, products and services
  • to administer scholarships, surveys, contests and promotional activities or events sponsored or managed by us or our business partners
  • to carry out consumer, market, community and product research, compile demographics, to analyse data and to deduce information
  • for security purposes, including to perform functions that we believe are necessary to protect the security and proper functioning of our Websites
  • to respond to complaints
  • to comply with our legal and regulatory obligations, resolve disputes, and enforce agreements
  • to investigate or pursue a legal claim
  • to protect and defend our rights and property
  • to make special offers related to our products and services or the products and services of others
  • to contact you from time to time by telephone or email about new products, services or offers
  • to gain an understanding of your needs to provide you with or to recommend to you better and more personalised products and services tailored to your requirements
  • to promote and market our products and the products and services of others
  • to provide you with relevant and timely information and advertising
  • to assist in the enforcement of laws
  • to report to our directors and shareholders
  • to maintain and update our records, which may include billing records
  • ensure our internal business operations are running smoothly which may include fulfilling legal requirements and conducting confidential systems maintenance and testing
  • help preserve the personal safety and security of our customers, website users, staff and the public
  • to determine whether to hire you to work for us
  • to conduct appropriate checks to detect fraud
  • to monitor and detect possible fraud or breaches of our terms and conditions of service
  • in extreme circumstances, to protect the personal safety of our customers, Website users, staff or the public
  • as otherwise required or authorised by law.

If you’ve used one or more of our services, you consent to us contacting you with further information or reminders about our services, or to provide you with information that we think may be of interest to you.

Opt-Out

To provide our newsletters and to communicate account and promotional information to you, you may be contacted by us via a number of means including e-mail, SMS and phone communications, push notifications, social media posts or chats, hardcopy mail and other similar means.  If you have provided us with your email address or subscribed to any of our newsletters, we may send you information from time to time that we think is relevant to you and your interests.  Should you not wish to receive communications of this nature from us, you may unsubscribe or opt-out:

  • by following the link or instructions in the communication
  • by contacting our Customer Service team to update your communication preferences
  • by changing the marketing preference settings for your account on our Websites
  • by changing settings on your device, such privacy settings or push notification settings.

If you unsubscribe from marketing communications, this will not stop you receiving service-related communications from us if we are otherwise legally entitled to send them to you.

Disclosure of Personal Information

We only disclose personal information for a purpose for which it was collected, or for a secondary purpose in circumstances permitted by law.  This includes where you consent to us disclosing your personal information.  You can give us your consent expressly or your consent may be implied.

We may disclose your personal information:

  • to any organisation where you request us to do so, including a financial institution, financial adviser, service provider, product specialist, broker, solicitor, or accountant
  • to and between our Subsidiaries and related bodies corporate
  • to insurance companies
  • to a court or tribunal
  • to anyone who acquires or is considering acquiring our assets or business (or part of it)
  • to a person who serves us with a subpoena or other legal document requiring us by law to disclose information or documents about you to them
  • to our consultants, contractors, subcontractors, suppliers, service providers and professional advisors, who assist us in operating our business, for example to IT and cloud service providers, payment service providers, companies that provide identification verification services, customer analytics providers, mail house operators, CRM providers, collection services, banks, investigators, and organisations that we engage to deal with you on our behalf
  • to government agencies, regulators and law enforcement bodies
  • with any third party product or service provider that you have accessed through our website, following a complaint by you about their product or service
  • to other organisations where necessary or reasonable to do so in relation to the operation of our business.

We may publish the names of competition or scholarship winners as set out in the terms and conditions of the relevant competition or scholarship.

We may use your personal information, such as your email address, to match information about you from other websites.  If we do this, we will encode your email address so that anyone we share it with will not be able to identify you.

Where you have agreed to the terms of this Policy, you consent to the disclosure of your personal information as set out above.

Sometimes, we disclose personal information to a third party who has the right to use our brand or logo. The third party may provide products or services, or operate a website or App, but these are not our products, services, websites or Apps.  We do not accept responsibility for the privacy practices of the third parties in these circumstances.

We may disclose your personal information to organisations outside of Australia, including to our related bodies corporate, to contractors, and providers of payment services.  The disclosure may be to organisations located in New Zealand, the United States, Philippines and India.

Data used and stored by Canstar is mostly hosted in Australia.  Canstar may store your personal information on servers in web hosting facilities outside of Australia.

The Australian Privacy Principles require that we take reasonable steps, dependent on the circumstances, to ensure that the overseas service provider to whom personal information is disclosed does not breach Australian privacy laws (the “Requirement”).  When you provide us with your personal information you consent to the disclosure of your information to an overseas provider.   Your consent to this disclosure means that the Requirement does not apply and Canstar will not be held accountable under the Privacy Act for any breaches of the Privacy Act by the overseas provider.

Security and Storage of Information

Canstar takes security seriously. We do this in accordance with a security governance framework that includes policies, procedures, systems and security controls.

We only collect and store data that we need to help you find the right products for you.

Where you access tools that require us to verify your identity using identification documents we do not store this information but securely send it to the nominated third party.

Where we do store information, we utilise data encryption that is best practice in the financial services industry and any personal information is only retained for as long as is necessary or as required by law.

We will not share your data without making this clear to you when you use our service and we take all reasonable steps to protect your personal information from misuse, loss and unauthorised access.

You may complete a Canstar Account Registration when you sign up to use parts of the site. This may include the creation of user password and other information. Any details should be kept confidential by you and not disclosed or shared with anyone.

We continuously monitor and update our Website security to minimise the risk of hacking.  Access to personal information stored electronically is restricted to staff and contractors whose job purpose requires access.

Although due care is taken, we cannot guarantee the security of information provided to us via electronic means or stored electronically.  No security measures are perfect and we cannot promise to be able to withstand security threats in all circumstances, although we take every precaution possible.

Further Details Relevant to Particular Services

Credit Score Service

By using the Credit Score service, you confirm to Canstar that:

  • you are authorised to provide the requested personal details to Canstar
  • you are aware of and consent to
    • the purpose for which your personal information is sought as disclosed by Canstar in the Credit Score service website pages
    • that personal information provided by you in relation to the Credit Score services will be used by Canstar and its third-party service provider for the verification of your identity. This is done by use of an Information Match Request made to an Official Record Holder, and (if verified) the provision of a credit score
    • that any Information Match Result provided in response to the Information Match Request will be provided via the use of third party systems, and
    • Canstar retaining a record of access to the Credit Score service being initiated by you, and all consents you give to the collection, use and storage of your personal information in relation to the Credit Score service.

Amendment of this policy

We regularly review this Privacy Policy and our privacy practices.

We may amend this policy from time to time.  If we do, we will update the Privacy Policy on our Websites.  The changes will come into effect immediately upon notification on our Websites.  If the changes are significant and relevant to customers, we will aim to provide customers who have an account with us with an email or text notification of the changes.  You should check our Websites from time to time to understand how the current version of our Privacy Policy applies to you.

Access to your information

You can request access at any time to personal information we hold about you by using the contact details below for the Privacy Officer.

We will process your request within a reasonable time, usually 21 days for a straightforward request.  More time may be needed, depending on the nature of the request.  There is no fee for requesting access to your personal information; however, we may charge you the reasonable cost of processing your request.   If a fee applies, we will advise you before we provide access.  Sometimes we are not required to provide you with access – for example, if the law says we can deny access.

If there is a reason for not granting you access to any of your personal information, we will provide you with a written explanation of the reasons for the refusal (unless unreasonable to do so) and inform you of the mechanisms to complain about the refusal.

We may also need to verify your identity when you request your personal information.

Correction of information

We try to ensure that all information we hold about you which we hold about you is accurate, complete and up to date.  You must promptly notify us if there are any changes to your personal information.  You may ask us at any time to correct personal information held by us about you, which you believe is incorrect or out of date.  We will deal with your request within a reasonable time.

If you would like to make an update or correction to any personal information we hold about you, please let us know by sending an email to privacy@canstar.com.au.  If there is a reason for not making a correction to any personal information, we will provide you with a written explanation of the reasons for the refusal (unless unreasonable to do so) and inform you of the mechanisms to complain about the refusal.

We may also need to verify your identity when you request an update or correction to your personal information.

Contact Details and Complaints

For further information, or if you would like to make a complaint about our use, handling or disclosure of your personal information, please contact our Privacy Officer or refer your complaints in writing to privacy@canstar.com.au.

Following receipt of your complaint, we will investigate and respond to you within a reasonable period of time.

If you are not satisfied with our response, you may also contact the relevant regulator such as the Australian Information Commissioner.  As at the date of this Privacy Policy, the contact details are as follows:

Office of the Australian Information Commissioner

GPO Box 5218

Sydney NSW 2001

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

Online: https://www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint

If you would like more information about the Privacy Act or Australian privacy requirements in general, please visit the Office of the Information Commissioner’s website at www.oaic.gov.au.

Fraud Warning

Canstar will never send you emails requesting bank account details.

If you receive a call from someone claiming to be from Canstar, Canstar Blue or RateCity offering to sell you a product or service, these calls are fraudulent.  These scams are also known as ‘cold calling’, with scammers sometimes pretending to be a sales team member.

Scammers also send ‘phishing’ emails asking consumers to ‘verify’ and ‘record’ personal financial details or to view a document by clicking on a link. These links often lead to fake websites.  Do not reply to these types of emails and do not click on any links.

Please do not provide any information in response to unsolicited phone calls or phishing emails. If you’ve received a telephone call or an email of this type, please contact us immediately on 07 3837 4160.

General

This Privacy Policy uses the following terms:

Canstar means CANSTAR Pty Limited A.C.N. 053 646 165, AR 443019.

Subsidiary means Canstar Blue Pty Ltd, RateCity Pty Limited, and any company, trust or other entity that is a subsidiary of Canstar within the meaning of the Corporations Act 2001 (Cth) or an entity which is, for the purposes of section 50AA of the Corporations Act 2001 (Cth), under the “control” of Canstar.

Websites means any websites, social media pages, Apps or widgets operated by Canstar or its Subsidiaries that are targeted at consumers in Australia.  In some circumstances, Canstar widgets appear on third party websites (and will be labelled “powered by Canstar” or “powered by RateCity”) but the third party does not collect, use or access any personal information that you input via the widget.

 

We are proud to operate the following brands in Australia: CANSTAR, CANSTAR BLUE, RATECITY.

For privacy policies applicable to operations in other countries where we operate, please refer to those country-specific privacy policies.

Last Updated:  21 June 2023