Privacy Policy

About this policy

This policy is for COG Aggregation Pty Ltd ACN 124 319 857 (“we,”, “us”, “our”), who is considered an Australian Privacy Principles (APP) entity, as defined in the Privacy Amendment (Enhancing Privacy Protection) Act 2012.

This policy outlines the following, including but not limited to:

  • who we are and what our main function or activity is;
  • the kinds of Personal Information (PI) we collect and hold;
  • how we collect PI;
  • the purposes for which we collect, hold, use and disclose PI;
  • how we deal with an individuals who remain anonymous or use a pseudonym;
  • how we deal with solicited information;
  • how we deal with unsolicited information;
  • notification of the collection and use of PI;
  • direct marketing and how you can opt out of receiving marketing material;
  • cross-border disclosure of PI;
  • collection and use of government related identifiers;
  • how we ensure your PI is accurate and up to date;
  • how we keep PI secure
  • how you may access your PI and seek its correction;
  • how you can make a complaint if you believe we have breached the APPs and how we handle the compliant;
  • changes to this policy; and
  • how you can contact us if you have any questions relating to this policy or how we handle personal information.

Who are we and what is our main function or activity?

We are a finance aggregator and wholly owned subsidiary of COG Financial Services Limited ACN 100 854 788. We have access to a panel of financiers and offer a variety of finance and insurance products, both consumer and commercial, tailored to suit our customers’ needs and objectives.

What is Personal Information (PI) and what kinds do we collect and hold?

PI is information or an opinion about an identified individual or an individual who is reasonably identifiable. Examples of the kinds of PI we collect include, but are not limited to an individual’s:

  • name, signature, residential, business or e-mail address, telephone number, date of birth, medical records, bank account details and expenditure details;
  • employment details, such as business address, contact details, job title and salary; and
  • credit report information, such as credit history, credit accounts, repayment history information, inquiries, defaults and bankruptcy etc.

Sensitive Information is also a form of PI and can include information or an opinion about an individual’s racial or ethnic origin, political opinions, religious beliefs, criminal record or health information. Generally, we are not required to collect Sensitive Information as it is not reasonably necessary for our main function or activity.

However, if you require information about any insurance products we offer, we may need to obtain health information from you. If this is the case, we will inform you and obtain your consent prior to obtaining the information.

How we collect your PI

In the majority of cases, we will collect your PI directly from you when you apply for a finance and / or insurance product and this is referred to as ‘solicited information.’ Where you consent for us to do so, we can also collect your PI from third parties, such as employers, accountants, banks or referrers (who may simply provide us with your contact details.)

“We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.”


Why do we collect your PI and how do we hold, use and who do we disclose it to?

We collect your PI to provide you with finance and / or insurance products you’ve requested. If we proceed with providing finance and / or insurance products to you, we will hold your PI for a period of seven years after the finance contract has ceased. After that period, we will delete the PI we no longer require.

We disclose your PI to the following sources, including but not limited to:

  • financiers;
  • insurers;
  • credit reporting bodies in order to obtain credit information about you;
  • your employer, bank, solicitor or accountant to verify the information you’ve provided us;
  • the supplier (e.g. motor vehicle dealership) from where you are purchasing the asset where applicable; and
  • your referees or contacts if we are unable to contact you.

How we deal with an individuals who remain anonymous or use a pseudonym?

You have the option of not identifying yourself or of using a pseudonym when dealing with us. For example, if you contacted us with a general enquiry about our products, services or the financiers or insurers we have on our panel, you don’t need to identify yourself.

However, if you elect to apply for a finance and/ or insurance product, you will need to identify yourself, as your PI is required to support a finance application.

How we deal with solicited information

We will only collect information form you or from a third party with your consent, that is reasonably necessary for our main function or activity, that is, any activity related to a finance and or insurance application. Whilst we generally don’t collect sensitive information, we will only do so if it is related to our main function or activity and we obtain your consent to collect it.

How we deal with unsolicited information

If we receive PI about you that you did not solicit, we will determine if we could have obtained this information by lawful and fair means. An example may be where we obtain information about you from your accountant or solicitor. However, if we determine we would be unable to collect the information by lawful and fair means or if the information is not reasonably necessary for our main function or activity, we will destroy or permanently de-identify the information.

Notification of the collection and use of personal information

When we collect PI directly from you, we will advise you of the purposes for which it was collected, who it will be disclosed to and why, how you can access your PI and seek its correction or how you can make a complaint if you believe your PI was not handled in accordance with this policy or the APPs.

In circumstances where we collect PI from a third party about you, we will inform you of that collection and if the PI is reasonably necessary for our main function or activity, how we intend on using it and who we will disclose it to.

Direct marketing and how you can opt out of receiving marketing material

We may use the PI we collected from you for the purpose of marketing about additional products or services available to you, both via our group and third parties. These marketing activities may be conducted via e-mail, telephone, social media platforms, SMS, mail or any other electronic means. We won’t sell your PI to any organization outside our group.

If you do not wish to receive marketing material from us, you can opt out and any time but simply sending an e-mail to [email protected] and we will update our records and systems accordingly. Alternatively, you can call us on 1300 887 754 and advise us you no longer wish to receive marketing material. Generally speaking, we will stop sending direct marketing material to you within 30 days of receiving the request.

Cross-border disclosure of PI

Our group operates in Australia, however, we may share your information with organisations outside Australia whom we are affiliated and have contractual arrangements with. These countries include, but are not limited to:

  • Germany;
  • New Zealand;
  • United Kingdom;
  • Philippines;
  • India;
  • Singapore;
  • Japan;
  • Malaysia;
  • Vietnam; and
  • the United States of America.

As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held. If your information is stored in this way, disclosures may occur in countries other than those listed.

Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.

Use and collection of government related identifiers

As part of the finance application process, we may collect government related identifiers from you that appear on certain documents. Examples of government related identifiers include, but are not limited to:

  • Driver’s Licence numbers;
  • Passport numbers; and
  • Tax File Numbers.

We won’t use a government related identifier to identify you or your application, as generally we will use your name and / or an application number.

When providing certain finance and / or insurance products to you, we may be required to disclose certain government related identifies, such as a Driver’s Licence number to a financier or insurer, which forms part of their identification process.

However, there are specific requirements relating to Tax File Numbers. Under the Tax File Number Rule 2015, TFNs should only be collected under superannuation, taxation and personal assistance laws. We will take all reasonable steps to permanently de-identify any TFN that appears on a document we have received from you, your employer or accountant.

How we ensure your PI is up to date and accurate

We will make every reasonable effort to ensure that the PI we hold about you is accurate, up to date and complete. However, if any of your PI needs to be updated, please contact us (refer to the Contact Us section of this policy) and we will update it for you.

How do we keep your PI secure?

We take the security of your PI seriously and as information is stored both electronically and in hardcopy format, we have a variety of safety measures in place to protect your PI from misuse, modification, interference, loss, unauthorized access or disclosure. Some of the safety measures include, but are not limited to:

  • confidentiality agreements requirements of our employees and external representatives;
  • document storage security policies;
  • security measures for access to our systems;
  • only giving access to PI to authorized staff and representatives who require access to such information;
  • premises security; and
  • electronic security systems such as firewalls and data encryption.

Where we store PI physically or electronically with third party data storage providers, we have contractual arrangements to ensure those providers take appropriate security measures to protect that that information and restrict those who access it.

How can you access your PI and seek its correction?

If we hold PI about you, we must provide you with access to that information upon receiving a request from you. However, there are certain circumstances where we may not provide you with access to your PI, such as:

  • we believe there is a threat to life or public safety;
  • there is an unreasonable impact on other individuals;
  • the request is frivolous;
  • the information wouldn’t ordinarily be accessible because of legal proceedings;
  • it would prejudice negotiations with you;
  • it would be unlawful;
  • it would jeopardise taking action against serious misconduct by you;
  • it would be likely to harm the activities of an enforcement body (e.g. the police); or
  • it would harm the confidentiality of our commercial information.

If we can’t provide the information you’ve requested, we will advise you in writing as to the reasons and how you can make a complaint.

If you believe the PI we hold about you is inaccurate, out of date, incomplete, or irrelevant, please contact us and we’ll update it.

How do you make a complaint?

If you believe we haven’t handled your PI in accordance with this policy or the APPs, you can contact us using the details below:

COG Aggregation Pty Ltd
Level 1, 2 Roche Street
Hawthorn VIC 3122

1300 887 754
[email protected]

Most complaints can be resolved on the spot or within days. We’ll keep you informed of our progress and if we’re unable to resolve your complaint within 21 days we’ll tell you that we need more time to investigate.

In the event of a delay and we’re unable to provide you with a final response within 45 days, we’ll tell you the reason for the delay, give you a date you can expect to hear an outcome and update you monthly.

Changes to this policy

Any changes we make to this policy will be updated on our website.

Contact us

If you have any questions about this policy or other privacy related procedures for our group, please don’t hesitate to contact us using the details below.

COG Aggregation Pty Ltd
Level 1, 2 Roche Street
Hawthorn VIC 3122

1300 887 754
[email protected]