Thrive Privacy Policy

1) What is this Privacy Policy?

  • Thrive Refugee Enterprise Ltd, ACN: 612 682 381 of 2/75 George St, Parramatta (we, us and our) is a start-up refugee microfinance and business support not-for-profit organisation operating in Sydney and Melbourne.
  • We are an Australian corporation and conduct our Australian operations in accordance with the Australian Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs), which form part of that Privacy Act. Our handling of credit information is regulated by the Privacy Act and Privacy (Credit Reporting) Code 2014 (Version 2) (CR Code).
  • This Privacy Policy relates to our subsidiaries and us.
  • This Privacy Policy sets out how we collect, use and disclose personal and credit information entrusted to us by our customers or otherwise collected and used by us.
  • To the extent that relevant national privacy laws (including the Privacy Act, APPs and CR Code) permit:
    1. this Privacy Policy is a privacy policy, privacy statement, privacy notice or like disclosure under those laws;
    2. this Privacy Policy to be noticed to affected individuals under those relevant laws, or the basis for the consent of individuals to the activities described in this Privacy Policy; this Privacy Policy is notice and disclosure informing consent by individuals to such activities.
  • We may modify or amend this Privacy Policy from time to time and will display the most recent version on our website. This Privacy Policy was last updated in October 2019.
  • Unless you notify us otherwise, we will assume that you have consented to the collection of all information that is provided to us for use in accordance with this Privacy Policy.

2) What is personal information?

  • Personal information is information or an opinion about an individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not. Sensitive information is a subset of personal information and has the meaning given to it in the Privacy Act.
  • Sensitive information means information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health, genetic or biometric information.
  • We may also collect credit information (which is a sub-category of personal information) about you. Credit information is personal information that has a bearing on credit that has been provided to you or that you have applied for. This includes credit for personal, domestic or household purposes and credit in connection with a business.

3) What personal information do we collect?

  • We may collect personal information from you when you apply for a microfinance loan and/or business support and mentoring or when you volunteer or donate to Thrive.
  • We collect personal and sensitive information, which may include your full name, address, contact details, date of birth, visa type and status, country of origin, the information we may collect about you from references (such as religion) and a range of financial information in order to accurately identify you, to assess a business for a microfinance loan, and to determine business and mentoring support.
  • When you access and use our website, we will record and log for statistical purposes certain information about such access and use, including your IP address, the date and time of your visit, the parts of our website you access during your visit, your actions on our website, and the browser you are using.
  • Throughout the life of your product or service or association with us, we may hold additional personal information about you. This could include transaction information or complaints made.
  • In situations where we are required to combine personal information about identified or identifiable individuals as provided to us about one customer with personal information about that individual as provided to us by another customer or from publicly available sources, wherever reasonably practicable, we will use reliable and verifiable anonymisation and de-identification techniques which ensure that the risk of any individual being reasonably identifiable in relation to the combined personal information is remote.
  • We may collect information from publicly available sources, including DFAT checklists, terrorism watchlists, ABN register, Australian Securities and Investments Commission register, Personal Property Securities Register or any information that arises from any general internet and Google searches about you. We collect information from these sources for a range of reasons, including verifying identity and conducting background checks.
  • In instances where we collect and use personal information from publicly available sources, we assess whether the collection and use are made in a manner both reasonably contemplated and permitted by the provider of that publicly available source. Where the collection and use are made in a manner both reasonably contemplated and permitted by the provider of that publicly available source, we rely upon that provider to
    1. comply with relevant national privacy laws applying to the provider’s activities; and
    2. to provide the necessary notices as required by relevant national privacy laws to that identifiable individual and to obtain the necessary consents from that individual to permit collection and disclosure by the provider of that publicly available source of that personal information, including disclosure in a manner reasonably contemplated and permitted by the provider of that publicly available source.
  • As well as collecting information directly from you, there may be occasions when we collect information about you from a third party. For example, we may collect information from a third party where they purchase products on your behalf. In such instances, we will determine whether we would have been entitled to collect such information from you under this section 3, and to the extent we would not have been entitled to do so, we will destroy or de-identify such information as soon as reasonably practical.
  • We may also collect information about your financial position for the purpose of assessing an application for credit and to assist in the ongoing management of the credit product or guarantee. This could include whether you had sought credit from credit providers, the type PO-100031- v2 – 03/03/22 page | 3 of credit you hold, the amount of credit provided to you, when the credit account was opened and closed, your repayment behaviour, including whether you have defaulted on your credit repayments, details as to whether other credit providers have requested information about you from a credit reporting body, scores relating to your creditworthiness, and publicly available information about you, including personal insolvency information.
  • Sometimes, we collect and exchange credit information about you from other people. This may happen without your direct involvement. For instance, we may collect credit reports from credit reporting bodies or opinions from other lenders about your creditworthiness. We may also seek credit information about you from:
    1. publicly available sources of information, such as public registers;
    2. your representatives (including your legal adviser, mortgage broker, financial adviser, executor, administrator, guardian, trustee, or attorney);
    3. other organisations, who jointly with us, provide products or services to you; and
    4. commercial information service providers.

4) Anonymity

You do not have to provide us with any personal information if you choose not to; however, if you do not provide us with your personal information, we may not be able to provide you with our goods or services.

5) Cookies

  • If you use our website, some of the personal information referred to in section 3 may be collected through the use of cookies. Most browsers are set by default to accept cookies. However, if you do not wish to receive any cookies, you may set your browser to either prompt you whether you wish to accept cookies on a particular site or, by default, reject cookies.
  • Please note that rejecting cookies may mean that some or all of the functions on our Website will not be available to you. In particular, cookies must be enabled to access and use any part of our Website for placing orders.

6) How is your personal information used?

  • The personal information and credit information that we collect is generally used to provide products or services to you, and, if you use our website, to track your usage, to evaluate the performance of our Website. Information collected by us may also be used for the following purposes:
    1. we collect information from our clients to assess their business for a microfinance loan and determine business and mentoring support;
    2. we may also collect personal information on our volunteers for purposes of identification and assessing business fit;
    3. we may collect personal information from our donors for purposes of issuing receipts; and
    4. as otherwise permitted under the Privacy Act.
  • If you are offering to act as guarantor, your credit information may be necessary to assess whether the borrower will be eligible for a loan if you act as guarantor.
  • We may also use your information to comply with legislative or regulatory requirements in any jurisdiction, prevent fraud, crime or other activity that may cause harm in relation to our products or services and to help us run our business.

7) Disclosure of your personal information

  • We do not sell, rent or trade personal and credit information to or with any third parties.
  • We may disclose personal information to third parties under certain circumstances, including:
    1. where you have authorised us to do so;
    2. where we are legally required to do so, including disclosure to third parties that you have authorised to act for on your behalf (such as accountants, financial counsellors, legal representatives, or a person with Power of Attorney);
    3. for the purpose of verifying your information. This includes organisations that you may have previously disclosed personal information to when applying for a product or service or making a claim, including:
      • credit reporting bodies;
      • federal government agencies; and
      • commercially available third-party databases.
    4. to our service providers and other organisations that supply us products and services and help us to run our business, including:
      • organisations that we partner with to supply products and services;
      • external service providers that we engage in doing some of our work for us, for example, debt recovery agencies, legal service providers and information technology and cloud service providers;
      • organisations involved in our funding arrangements, such as federal government agencies and donors; and
      • auditors and other organisations that may assist us in identifying, investigating or preventing fraud or other misconduct.
    5. with regulatory bodies, government agencies and law enforcement bodies to comply with our legislative or regulatory obligations in any of the jurisdictions where we operate;
    6. where that third party is a group company of ours, in which case that group company will only use and disclose your personal or credit information in accordance with this privacy policy as if a reference in this privacy policy to us included a reference to that group company;
    7. in connection with the sale of some or all of our business or assets;
    8. in accordance with the Privacy Act, including:
      • to lessen or prevent a serious threat to life or health;
      • to protect the personal safety of users of our website or the public;
      • if authorised or required by law;
      • if we have reason to suspect that unlawful activity has been, is being or may be engaged in; and
      • to enforce the law or where necessary to investigate a suspected unlawful activity.
    9. where you would reasonably expect, or we have told you, that your personal information is usually used or disclosed to third parties in this way.
  • We will not otherwise disclose your personal and credit information to any third party.

8) Disclosure of Information Overseas

We may disclose your information to recipients located outside of Australia that provide services to us. For example, we may disclose your personal information to third parties which are located in countries like the United States of America, Germany, United Kingdom, New Zealand, Vietnam and the Philippines, who provide cloud and data storage services.

If we do this, we ensure that any overseas recipient handles your personal information in accordance with the Australian Privacy Principles.

9) Access and correction of your personal information

  • We will, on request, provide you with access to the information we hold about you, including for the purpose of correcting or updating that information unless there is an exception to such disclosure, which applies under the APPs.
  • If you require access to your personal or credit information, please email Before we provide you with access to your personal or credit information, we will require some proof of identity. This information will be provided free of charge.
  • If we refuse to provide you with access to the information, we will provide you with reasons for the refusal and inform you of any exceptions relied upon under the APPs (unless it would be unreasonable to do so).
  • We take reasonable steps to ensure that your personal and credit information is accurate, complete, and up-to-date whenever we collect or use it. If the information we hold about you is inaccurate, incomplete, irrelevant or out-of-date, please contact us, and we will take reasonable steps to either correct this information or, if necessary, discuss alternative action with you.
  • If we refuse your request to correct your personal or credit information, you also have the right to request that a statement be associated with your information noting that you disagree with its accuracy.

10) How we hold and secure your personal information

The security of your personal and credit information is important to us. We take reasonable steps to prevent the personal and credit information we hold about you from misuse, interference or loss and from unauthorised access, modification or disclosure. Our staff are trained on how to PO-100031- v2 – 03/03/22 page | 6 keep information safe and secure. We store your hard copy and electronic records in secure locations and systems. We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the information we hold about you.

11) Credit reporting bodies – notifiable matters

  • Credit reporting bodies are allowed under the Privacy Act and the CR Code to handle personal information relating to credit. We may disclose your personal information to, or collect personal information about you from, a credit reporting body. This information is used for the purpose of determining your eligibility for credit, and we may process the information to create an unsuitability assessment or other ratings of your suitability for credit.
  • Credit reporting bodies may include your personal information in reports that they provide to credit providers to assist those providers in assessing your creditworthiness (such as when you have applied for a loan from the provider).
  • The credit reporting body we deal with is Equifax –
  • For contact details and information on how credit reporting bodies manage credit-related personal information, please see their privacy policies available at the links above.
  • Credit reporting bodies offer a service to credit providers wishing to send direct marketing material about credit services to individuals. This is called “credit pre-screening”.
  • You have the right to request that the credit reporting body does not use your information for this purpose. To opt-out of credit pre-screening, contact the credit reporting body using the contact details on the website noted above.
  • You can also ask a credit reporting body not to use or disclose your personal information for a period if you believe on reasonable grounds that you have been or are likely to be a victim of fraud.
  • The Privacy Act and the CR Code limit what we can do with the information we obtain from a credit reporting body. Generally, it can only be used in relation to the credit products you hold through us. For example, if you fail to meet your payment obligations in relation to a credit or commit a serious credit infringement, we may be entitled to disclose this to a credit reporting body.

12) Links to other websites

Sometimes our Website contains links to other websites. When you access a website other than our website, we are not responsible for the privacy practices of that site. We recommend that you review the privacy policies of each website you visit.

13) How to contact us

  • If you have any queries or complaints with regard to our collection, use or management of your personal or credit information, please contact:
    A: Thrive Refugee Enterprise Ltd
    Level 4, 1 Little Collins Street, Melbourne, VIC 3000
    T: 1300 651 676
  • If you are concerned about how your personal or credit information is being handled or wish to make a complaint about an alleged breach of the Privacy Act or CR Code, we ask that you contact us on the details listed above. If you are not satisfied with our response, there are other bodies you can go to:
    The Australian Financial Complaints Authority can consider most complaints about your credit information. They can be contacted at:
    The Australian Financial Complaints Authority
    GPO Box 3
    Melbourne VIC 3001 Phone:
    1800 931 678
    Under the Privacy Act, you may complain to the Office of the Australian Information Commissioner about the way we handle your credit information. The Commissioner can be contacted at:
    GPO Box 5218
    Sydney NSW 2001
    Phone: 1300 363 992