Credit Information Management Policy

This policy (the Policy) sets out in accordance with the Privacy Act 1988 (Cth) (the Privacy Act) the way in which NDA Law Pty Ltd (NDA, we, us, or our as the context dictates) may collect, store, use, manage and protect your Credit Information (CI) when assessing, approving or rejecting an application for credit, providing you with credit, managing the provision of credit, recovering a debt, or dealing with guarantors or indemnitors of a person to whom we have been asked to provide credit.


  1. ordering goods or services from us on more than 6 day terms;
  2. enquiring about the provision or the continuation of Credit;
  3. applying for the provision of Credit;
  4. accepting or continuing to accept Credit from us;
  5. acting, or applying to act, as guarantor or indemnitor for a Person applying for Credit from us

after this Policy has been brought to your attention, you acknowledge and consent to the collection, use, storage or disclosure of your CI by us in accordance with this Policy and the Privacy Act.

If you do not agree to us handling your CI in the manner set out in this Policy you must immediately cease to access our website, our Credit Applications, our guarantor or indemnity forms, and you should not provide us with any of your CI.

1. What do the different terms in this Policy mean?

Credit means a contract, arrangement or understanding under which either payment of a debt owed by one person to another is deferred for at least 7 days, or where a person incurs a debt to another person, and defers the payment of the debt for at least 7 days. We may offer or allow you Credit in relation to your purchase of products or services from us.

Credit Information or CI is Personal Information (see below) that is, or may include:

  1. identification information;
  2. repayment history information;
  3. a statement that an information request has been made in relation to the individual by a credit provider, mortgage insurer or trade insurer;
  4. the type of credit, and the amount of credit, sought in an application that has been made by an individual to us as a Credit Provider;
  5. default or payment information;
  6. information about new arrangements relating to Credit;
  7. information about court proceedings or personal insolvency relating to Credit;
  8. publicly available information about creditworthiness;
  9. credit reporting information that we disclose to or receive from a credit reporting body/agency; or
  10. information derived from credit reporting information that we receive from credit reporting bodies/agencies that has a bearing on your credit worthiness.

Personal Information means

… information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.

Generally words and phrases in this Policy are used in accordance with or as they are defined in the Privacy Act.

2. What kinds of CI might we collect and hold?

We may collect (and hold) different CI from you depending upon how you interact with us.

If you apply to receive Credit from us, or offer to act as a guarantor or indemnitor, we may collect CI about you. This may include:

  1. your contact details;
  2. how your business is structured;
  3. your finances and the performance of your business;
  4. details of other individuals involved in your business;
  5. details of your financial advisors and accountants;
  6. your debt repayment history; and
  7. reports on your creditworthiness.

We may also collect Personal Information about you that is not CI. This will be dealt with in accordance with our standard Privacy Policy, which can be accessed on this website. 

3. How do we collect CI?

We collect CI from:

  1. you directly (when we contact you, when you contact us, when we communicate with you, when you place an order, or an application to act as guarantor or indemnitor; and when you visit one of our facilities or offices);
  2. third parties, including referees and accountants, who you have authorised to provide us with information;
  3. publicly available sources; and
  4. credit reporting bodies/agencies.

 4. How do we hold and secure your CI?

We store your CI in hard copy format and digitally, on site. We take reasonable care to ensure that your CI is kept securely and disposed of when it is no longer necessary to retain it to fulfil the purposes for which the information was collected, or as required by law. To help protect the privacy of CI collected and held, we maintain physical, technical and administrative safeguards.

If you provide any CI to us via an online service or other digital means, or if we provide information to you by such means, the privacy, security and integrity cannot be guaranteed during its transmission unless we have indicated to you beforehand that a particular transaction or transmission of information will be protected (for example by encryption).

5. Why do we collect, hold, use and disclose CI?

We may collect CI for a number of reasons or purposes, including:

  1. assessing an application for Credit;
  2. assessing an application to act as guarantor or indemnitor;
  3. providing Credit;
  4. managing the provision of Credit and collection of repayments or enforcement of guarantees;
  5. assessing and dealing with what we reasonably believe to be a serious credit infringement; and
  6. assisting you to avoid defaulting on your obligations to repay a debt.

Our use of CI may extend beyond these uses, but will be restricted to purposes that we consider to be related to our functions and activities and consistent with our obligations under Part IIIA of the Privacy Act.

6. What do we do with your CI?

If we collect CI from you, we may:

  1. use that information for any of the reasons or purposes in clause 5 of this Policy;
  2. store that information in accordance with this Policy;
  3. pass that information to other credit providers with an Australian link or an enforcement body where we believe there has been a serious credit infringement;
  4. provide your CI to a person who is proposing to act as guarantor/indemnitor;
  5. provide your CI to a person who is acting as guarantor/indemnitor where necessary to enforce a guarantee/indemnity;
  6. disclose your information to a debt collector or other debt enforcement agency; or
  7. provide that information to third parties as required by law.

We will not disclose repayment history information about an individual unless permitted by the Privacy Act.

7. Disclosure of CI to Other Organisations

We may disclose your CI to:

  1. third parties including credit reporting bodies/agencies who assist us in assessing or processing applications for credit, and managing the credit we provide;
  2. other credit providers (with your consent);
  3. potential or current guarantors;
  4. debt collection agencies;
  5. government authorities;
  6. our financial and legal advisors or other entities when we are assessing an application for credit or enforcing our rights relating to the provision of credit;
  7. overseas entities, in accordance with clause 8 below.

Part IIIA of the Privacy Act places certain restrictions on when we may disclose your CI to these organisations.

8. Do we ever send your information overseas?

We do not routinely send CI overseas, however if we do, we will always comply with the provisions of the Part IIIA of the Privacy Act, to the extent they apply to the provision of information overseas.

9. Keeping your information up to date

We will at all times take reasonable steps to keep your CI up to date, accurate and complete. If we reasonably believe that there is a deficiency in the CI we hold, we will take reasonable steps to correct it, which may include contacting you to obtain updated information.

Where we have updated or corrected information, we will provide written notice of the correction to any person we have provided recipient of the information within a reasonable period of time.

10. Can you access your CI or request that it be corrected?

  1. You may request access to or correction of the CI that we hold about you by contacting us by any of the methods as set out below (an Access Request).
  2. Upon receiving an Access Request we may request further details from you to verify your identity. We reserve the right not to provide you with access to CI if we cannot verify your identity to our reasonable satisfaction.
  3. An administrative fee may be charged to cover our costs in providing you with access to your CI. This fee will be explained to you before it has been incurred.
  4. We will respond to your Access Request within a reasonable period of time by:
    1.  providing you with access to your CI;
    2. rejecting your Access Request, and providing you reasons for this rejection.
  5. Access Requests may be denied where:
    1. we believe your request is frivolous or vexatious;
    2. we are entitled to reject it by law;
    3. giving you the information would be unlawful;
    4. giving you the information would be likely to prejudice an enforcement related activity undertaken by an enforcement body;
    5. we are unable to verify your identity; or
    6. you have not paid the administrative fees referred to in paragraph 10c, above.
  6. If you believe that the CI that we hold is inaccurate or otherwise requires correction, you may send us a Correction Request. We will review your CI and respond to the Correction Request within a reasonable period of time, generally within 30 days of your request, unless we agree in writing to a longer time.
  7. We will deal with any Correction Request by correcting the information within 30 days from when the Correction Request is made, notifying you within a reasonable period of having corrected the information, and within a reasonable period give each person to whom we have specifically disclosed the information written notice of the correction. If we decide not to correct the information, we will notify you, with reasons, within a reasonable time.
  8. We will notify you when we have made a correction at your request, or notify you in writing why we have not made the requested correction.

11. Information we no longer require

Where we no longer require CI, and we are not under any legal obligation to retain the information, we will within a reasonable time destroy that information.

12. Does this Policy ever change?

From time to time we may make changes to this Policy. When we do, we will highlight those changes in yellow for a period of 28 days. Changes come into effect from the time when you next log on to our website or are notified of the updated Policy, whichever is earlier. Our website will contain a record of when (month and year) the most recent amendments were made to this Policy. You should review the Policy each time you visit our website to keep up to date on any changes.

13. What happens if you have a question or complain about how we have handled
      your CI?

If you have a question or complaint, you can raise it with us by:

Email                 [email protected]
Telephone         (08) 7111 2999
Facsimile           (08) 7111 2990
Postal                Level 11, 178 North Terrace Adelaide SA 5000                            

We take all complaints seriously and will respond to you within a reasonable period of time.

If you aren’t satisfied with the way we have handled your complaint, you can make a complaint to the
Office of the Australian Information Commissioner at

Scroll to Top