Commercial Funding Australia

Summary (Plain-English Overview)

At Commercial Funding Australia, we take your privacy seriously. We collect only necessary personal information (like your name, contact details, and financial data) to provide finance services. We use it to process applications, respond to inquiries, and improve our offerings—with your consent for marketing. We protect it with encryption and secure systems, share it only with trusted partners (e.g., lenders), and store it securely, sometimes overseas with safeguards. You can access, correct, or complain about your data anytime. If there's a breach, we'll notify you promptly. Contact us at admin@commfund.com.au for details. Full policy below.

At Commercial Funding Australia, we are committed to protecting your privacy in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), including the Notifiable Data Breaches (NDB) scheme. This Privacy Policy explains how we collect, use, disclose, store, secure, and manage your personal information. It is reviewed annually to ensure ongoing compliance and reflects best practices for finance businesses handling sensitive financial data.

1. Definitions

- Personal Information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable (e.g., name, email, phone number).

- Sensitive Information: A subset of personal information, including details about health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, or financial status (e.g., credit history, income details).

- AI (Artificial Intelligence): Computer systems or tools that simulate human intelligence to process, analyze, or generate data, such as automated document drafting or analytics.

- Cookies: Small text files stored on your device to enhance website functionality, such as remembering preferences.

2. Collection of Personal Information

You can browse our website (www.commfund.com.au) anonymously without providing personal information. We collect personal information only when reasonably necessary to provide our services, such as asset, equipment, or business finance solutions, or to comply with legal obligations (e.g., anti-money laundering laws under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006).

We collect information when you:

- Submit an online form (e.g., finance application or inquiry).

- Contact us via phone, email, or in-person.

- Proceed with a finance application or related services.

Examples of personal information we may collect include:

- Contact details (name, address, email, phone).

- Identification (date of birth, driver's license number).

- Financial details (income, assets, liabilities, bank statements, credit history)—this is sensitive information and requires your explicit consent.

We notify you at the point of collection (e.g., via form notices) about why we're collecting it and how it will be used. If you provide information about others (e.g., guarantors), you must ensure they consent.

3. How We Use Your Personal Information

We use your personal information primarily for:

- Responding to inquiries and providing finance advice.

- Assessing and processing finance applications.

- Managing ongoing services, such as payments or updates.

- Complying with legal requirements (e.g., reporting to ASIC or AUSTRAC).

- Improving our services through internal analytics (de-identified where possible).

For sensitive information (e.g., financial status), we obtain explicit consent and use it only for the direct purpose (e.g., credit assessment).

Secondary uses, such as research or service improvements, occur only with consent or if de-identified.

4. Use of Artificial Intelligence (AI) Technologies

We may use AI tools (e.g., from third-party providers like Microsoft Azure or Google Cloud) to enhance efficiency, such as:

- Generating draft documents or communications.

- Analyzing data for internal processing and risk assessments.

- Improving service speed and consistency.

Before using AI, we conduct privacy impact assessments to identify risks (e.g., data exposure) and ensure compliance with the APPs. All AI outputs are reviewed by trained staff for accuracy and bias. Sensitive information is not processed via AI without explicit consent. You can opt out of AI-assisted processing at any time by emailing admin@commfund.com.au—we'll confirm within 5 business days and use manual processes instead.

5. Server Information and Cookies

Our servers automatically log non-personal data for analytics, including:

- Date and time of visit.

- Pages accessed and files downloaded.

- Browser type, operating system, and referring site.

- IP address (anonymized where possible).

We use cookies to improve user experience (e.g., remembering form preferences). Cookies are not essential—you can disable them in your browser settings. We do not use third-party tracking cookies without consent. For more, see our cookie banner on the website.

6. Direct Marketing

With your consent (obtained via opt-in checkboxes), we may send:

- Product updates, offers, or newsletters.

- Regulatory or service-related changes.

You can opt out anytime by replying "STOP" to emails, calling 0418 179 100, or emailing admin@commfund.com.au. We'll process opt-outs within 5 business days and confirm via email.

7. Disclosure to Third Parties

We do not sell, rent, or trade your personal information. Disclosures are limited to:

- Trusted service providers (e.g., IT support, cloud storage like AWS, legal advisors) bound by confidentiality agreements and APP-compliant contracts.

- Lenders or finance platforms (e.g., banks or fintech partners) involved in your application.

- Regulatory authorities (e.g., ASIC, ATO, OAIC) when legally required.

We ensure all recipients comply with the APPs.

8. Cross-Border Disclosure

Some service providers (e.g., cloud storage) may store or process data overseas, primarily in the United States, Singapore, or the European Union. Before any transfer, we:

- Assess the recipient's compliance with APP 8 (e.g., via standard contractual clauses or adequacy decisions for EU countries).

- Implement safeguards like encryption and binding agreements to protect data at Australian standards.

If a breach occurs overseas, we handle it under the NDB scheme.

9. Data Security

We protect your information from misuse, loss, unauthorized access, modification, or disclosure using reasonable steps aligned with OAIC's Guide to Securing Personal Information. Measures include:

- Encryption for data in transit and at rest.

- Secure servers with firewalls, malware protection, and regular vulnerability scans.

- Access controls (e.g., role-based permissions) and staff training on privacy.

- Regular audits and penetration testing.

10. Notifiable Data Breaches

If a data breach occurs that is likely to result in serious harm (e.g., unauthorized access to financial details), we comply with the NDB scheme:

- Assess the breach within 30 days.

- Notify affected individuals and the OAIC as soon as practicable (typically within 72 hours of confirmation).

- Provide details on the breach, risks, and mitigation steps.

11. Data Retention and Destruction

We retain personal information only as long as necessary to provide our services or comply with legal obligations:

- Financial records (e.g., bank statements, loan agreements, tax documents): Kept for 7 years to comply with Australian tax laws, the Corporations Act 2001, and Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

- Application data (e.g., inquiry forms, non-financial details): Kept for 2 years after service ends, unless a longer period is legally required (e.g., for credit reporting or disputes).

When data is no longer needed, we securely destroy it (e.g., via shredding for paper records or digital wiping for electronic data) or de-identify it to protect your privacy. We conduct annual audits to ensure data is not kept unnecessarily.

12. Access and Correction

You have the right to access or correct your personal information free of charge. Request via admin@commfund.com.au—we'll verify your identity and respond within 30 days. If we deny access (e.g., legal reasons), we'll explain why.

13. Links to Other Sites

Our site may link to third-party websites (e.g., lender portals). We are not responsible for their privacy practices—review their policies.

14. Changes to This Policy

We may update this policy to reflect changes in law or practices. The latest version (dated August 29, 2025) is always on our website. Significant changes will be notified via email if we hold your contact details.

15. Your Consent

By using our website, submitting forms, or engaging our services, you consent to this policy. For sensitive information or marketing, we obtain separate explicit consent.

16. Complaints

If you believe we've breached your privacy:

- Contact our Complaints Officer: Dustin Rhode

- Phone: 0418 179 100

- Email: dustin@commfund.com.au

Submit complaints in writing. We'll acknowledge within 5 business days, investigate, and respond within 30 days. If unresolved, escalate to the OAIC at www.oaic.gov.au or 1300 363 992.

17. Disclaimer and Liability

Information on our site is general and provided in good faith. We make no warranties beyond those required by law (e.g., under Australian Consumer Law). Use at your own risk—we're not liable for losses from reliance, except where liability cannot be excluded.

18. Contact Us

Commercial Funding Australia

Phone: 0418 179 100

Email: admin@commfund.com.au

Address: 44 Lakeview Drive, Scoresby VIC 3179

Last Updated: August 29, 2025