Our commitment to protect individuals’ privacy
Custom Fleet entities (“we”/ “us”/ “our”) include:
in respect of our Australian customers, Custom Service Leasing Pty Ltd ABN 60 073 245 084, Custom Fleet Pty Ltd ABN 69 005 093 701, Element Fleet Services Australia Pty Ltd ABN 14 119 426 612 Element Financial (Australia) Pty Ltd ABN 14 119 426 612 and EFN (Australia) Pty Ltd ABN 90 607 344 650
in respect of our New Zealand customers, Custom Fleet NZ Company no. 621355, EFN (New Zealand) Limited Company no. 5759228 and EFN Fleet NZ Limited Company no. 5869341.
“Personal information” is information or an opinion that identifies, or could reasonably identify, an individual.
We conduct our business with privacy and data protection in mind. This Privacy Policy sets out how we collect, hold, use and disclose personal information about you and your privacy rights relating to that personal information. We ensure that our handling of personal information has a legitimate basis and is compliant with applicable laws and regulations. You may be a customer, contractor, employee, job applicant, supplier, service provider, partner, or another party with whom we do business, have previously done business, or may do business in the future.
This Privacy Policy applies to our management of personal information in connection with:
use of our websites, www.customfleet.com.au (Australia) and www.customfleet.co.nz (New Zealand), and related portals and applications (collectively, “Website”)
any enquiries or applications you make through our Website, or by email or telephone with us
our assessment and processing of applications for credit, lease facilities and management services, and ongoing administration of such arrangements
the provision and marketing of our products and services,
collectively referred to as “Services”.
This Privacy Policy also applies to personal information we collect from candidates in connection with the application and recruitment process for employment with us.
We value your privacy and take our obligations to protect personal information seriously. We are bound by the Privacy Act 1988 and Privacy (Credit Reporting) Code 2025 in Australia and Privacy Act 2020 in New Zealand, and all applicable privacy regulations.
We operate a vehicle leasing and financing business, providing credit, finance and operating leases and management services to approved applicants.
This Privacy Policy explains how we manage your personal information, including:
the kinds of personal information that we collect and hold
how we collect and hold personal information
the purposes for collecting, holding, using and disclosing your personal information
whether we will (or are likely to) disclose your personal information to overseas recipients and the countries where such recipients may be located
how you may access and/ or correct your personal information held by us
how you may make a complaint about the way we collect, hold, use or disclose personal information, and how
we will deal such complaints
our contact details
the consequences of not providing personal information
how we use your personal information for marketing activities.
You may interact with us anonymously or by using a pseudonym if the interaction is general in nature. However, if the interaction is specific to an account or relates to your personal information, we will need to identify you before we can engage in further discussions and correspondence.
This Privacy Policy will be kept up to date and published on www.customfleet.com.au and www.customfleet.co.nz
You can request this Privacy Policy in an alternate form by contacting us using the details in the Contact us section of our Website.
Additionally, over the course of our relationship with you, we may tell you more about how we handle your personal information. This could be when you apply for our Services or seek to work with us. We recommend you review any privacy notices, declarations, statements or consent forms we provide as they may contain more details that are specific to your circumstances.
We collect personal information from current and prospective customers of our business and associated individuals for the primary purpose of providing and improving our Services. The collection of your personal information allows us to:
verify your identity
assess applications for finance or management services
share your information with credit reporting bodies and credit reporters (collectively, “CRBs”) so that they can conduct credit checks, provide credit reports and assist us in assessing your creditworthiness
determine whether to approve you for finance or our other products and services
establish and manage finance and services arrangements
establish and administer any credit-related insurance product
accept investments.
We also collect your personal information for secondary purposes (in addition to the primary purpose). Personal information may be applied towards a secondary purpose if it is related to the primary purpose of collection and the use and disclosure would be within your reasonable expectations. The relevant secondary purposes you should be aware of include:
complying with our legal obligations (for example, under anti-money laundering and counter-terrorism financing laws)
maintaining and improving our products, services, customer experience and operational processes, including through data analytics, risk modelling and research, and designing and implementing new product and service developments
enabling contract performance
conducting direct marketing and sending you electronic marketing communications where permitted by law
providing customer service and support, including through digital communication channels
account management and servicing activities, including communicating with you about your account and collecting overdue payments
conducting data matching exercises of existing customer databases with marketing, advertising and data matching service providers for the purpose of delivering targeted marketing across online digital channels, including social media platforms and search engines (e.g. Google)
detecting, investigating and preventing fraud, scams or other unlawful activity
complaints handling purposes
(if applicable) accrediting you as an aggregator, broker or introducer of loans and other products
monitoring and reviewing communications (including calls, chats and messages) for quality assurance, training, compliance and service improvement purposes, including generating transcripts or communication analytics
developing, testing, training and improving technology systems used to support our business operations, including artificial intelligence or machine-learning systems used for customer communications, fraud detection, analytics or service delivery.
For job applicants and current and prospective employees, we collect your personal information to carry out the application and recruitment process, which includes (without limitation) assessing your application and skills, verifying your identity and work eligibility, managing employment or contractor agreements and arrangements, conducting reference checks and meeting any legal workplace obligations.
The types of personal information we collect and hold will vary according to the nature of our interactions with you, and our rights and obligations under applicable laws and regulations. We may not collect all of the below personal information about you and will only collect personal information that is required and relevant to our interactions with you.
Under our general collection practices, the kinds of personal information we may collect and hold include:
personal information such as your full name, date of birth, phone number, email address, residential address, marketing preferences and interests about our products and services, information collected using Website cookies, IP address and other information relevant to customer surveys, social media, product research and/ or offers. If you are applying for credit, a lease facility or management services, the personal information collected may also include: driver licence card details; other identification document details; financial information and/ or banking details; employment information; the ages and number of your dependants and cohabitants; gender; the length of time you have resided at your current address; marital status; nationality; information on your assets and liabilities; proof of earnings and expenses; information collected via analytics and telematics; and “credit-related information” about you. Credit-related information includes both “credit information” and “credit eligibility information”. Credit information means information such as your identity; the type, terms and maximum amount of credit provided to you, including when that credit was provided and repaid; repayment history information; payment information; details of any serious credit infringements; court proceedings information; personal insolvency information; publicly available information; and consumer credit liability information, including defaults of past and present lease and other credit facilities and applications. Credit eligibility information is credit reporting information supplied to us by a CRB and any information we derive from it. We may use your credit-related information to assess your eligibility to be provided with finance. Credit-related information is typically exchanged between credit providers and CRBs
sensitive information, which is a particular subset of personal information. The kinds of sensitive information we may collect include criminal record information (such as road-related penalties and offences resulting from a criminal conviction and national criminal history checks) and health information. We will only collect sensitive information where reasonably necessary and with your consent, unless otherwise permitted by law or a permitted general situation exists (such as where it is reasonably necessary for establishing, exercising or defending a legal or equitable claim).
If you apply for employment with us, this Privacy Policy also applies to the personal information you share with us, or that is otherwise acquired by us indirectly, during the application and/ or recruitment process, such as:
your name, residential address, email address, telephone number and other contact information
personal information contained in your CV, resume, cover letter and other supporting documents relating to your application
personal information obtained from interviews, correspondence with you and reference checks, which may include referee checks, national criminal history checks, bankruptcy and financial probity checks, and other background verification processes relevant to your role or engagement
personal information obtained from publicly available sources.
You may choose not to give your personal information to us. However, if you do not provide us with the personal information we request, it may result in us being unable to interact with, and/ or provide goods or services to, you.
Where we receive unsolicited personal information, we will check whether that information is reasonably necessary for our functions or activities. If it is, we will handle this information the same way described in this Privacy Policy. If not, we will take reasonable steps to destroy or de-identify it.
We may collect personal information about you from government agencies, and if we collect government identifiers, such as your tax file number or Inland Revenue Department number, we will not use or disclose this information other than as authorised by law. We will not use a government identifier to identify you.
Wherever possible and practical, we will collect personal information directly from you, whether in person, by telephone, mail, email, fax, or through our Website or a form (such as an application form). The circumstances in which such collection may occur include (without limitation) where you:
make an enquiry with, or contact, us through our digital services and communication channels
attend an event hosted by us
visit our Website
lodge a loan enquiry or request a quote through our Website
apply to invest in a product offered by us
apply to be a borrower, guarantor or lessee under one of our products
apply to work with us
participate in other activities we offer, such as competitions or surveys
apply for accreditation with us as an aggregator, broker or introducer of loans or other products.
Where lawful, we may also collect your personal information indirectly from a third party. This will be limited to circumstances where it is impracticable or unreasonable for us to collect it directly from you, or you have authorised us to do so. The type of third party who may provide personal information to us will vary depending on the nature of our relationship with you. Such third parties may include (where legally permitted):
customer representatives and proxies (e.g. individuals representing a company for the purpose of contract management)
CRBs (e.g. to collect credit-related information about you as a result of credit checks you authorise us to carry out)
one of our authorised representatives (e.g. brokers and agents)
government bodies
other credit providers and/ or financial institutions
our related entities and overseas affiliates
individuals and/ or organisations authorised to act on your behalf (e.g. financial advisers, executors, administrators, trustees, guardians, attorneys, solicitors, accountants or consumer advocates)
third-party platforms, service providers or intermediaries
referees, current/ past employers or recruitment consultants (e.g. for job applicants)
introducers such as brokers, agents, dealers and our retail partners (who are not otherwise our
authorised representatives)
publicly available sources to the extent permitted by applicable laws and regulations.
At times, we may also acquire or purchase lists containing personal information from organisations that provide such data for marketing activities. Any information obtained in this way will be handled in accordance with this Privacy Policy.
If you provide personal information to us about another individual, you must ensure that:
you are authorised to disclose that information to us
we may collect, hold, use and disclose such information for the purposes described in this Privacy Policy. For example, you should take reasonable steps to ensure the individual concerned is aware of the various matters detailed in this Privacy Policy, in particular, our name and address and the purposes of collection of their personal information.
As most of the personal information we hold is collected digitally, this information is typically stored in either:
proprietary servers located across Australia and New Zealand, where we retain effective control over the personal information held on our servers; or
secure, cloud-based servers located across North America, Europe and Asia.
Where we use cloud-based servers, data collected by technologies and tools may be de-identified and anonymised so that individuals cannot be identified or re-identified from the data, before such data is sent overseas for storage. When data is not de-identified or anonymised, it will be stored and handled in a way that complies with Australian and New Zealand privacy laws.
Hard copy documents are very rarely held, but if so, will generally be held on site, in a mixture of tambours, locked cabinets, and safes, depending on the nature of the document.
We understand the importance of protecting personal information. We take reasonable steps to ensure personal information is free from misuse, interference, loss and unauthorised access, modification or disclosure by applying appropriate technical, organisational and administrative measures. Such measures may include access controls, staff training, anonymisation and technology solutions to secure systems and facilities. When personal information is no longer needed having regard to the purposes for which we may use or disclose the information, we ensure that reasonable steps are taken to destroy or de-identify it (or otherwise put the information beyond use).
We may use and disclose your personal information for the purposes set out in this Privacy Policy and other related purposes, where you would reasonably expect us to. We may share and disclose personal information to:
manufacturers, distributors and/ or suppliers of goods in connection with your lease or other credit facility or management services
insurers who provide insurance in relation to the lease or other credit facility
service providers and organisations providing products or services used or marketed by us, such as customer service organisations, repairers, IT service providers, fuel card and other payment product providers, telematics providers, mobile and telecommunication providers, call centres, mailing houses, researchers, collections agents, statement producers, asset disposal service providers, property valuers, data analysts, professional advisers, auditors, delivery companies, identity verification service providers and introducers (such as brokers, agents, dealers and our retail partners)
other credit providers and financial institutions
your employer/s or referees, professional advisers, representatives, other individuals and companies authorised by you and any other organisation that may have, or is considering having, an interest in your lease or credit facility, or in our business
other parties as required or authorised by law, including government or regulatory bodies for the prevention or detection of unlawful activities, and courts, tribunals or law enforcement agencies
our related entities and overseas affiliates
CRBs or other businesses or organisations that provide personal credit or commercial credit information in accordance with privacy laws in Australia or New Zealand (as applicable)
any current employee who you have named to verify your personal information
organisations through whom you choose to make payments to us
organisations wishing to acquire an interest in any part of our business for assessing or implementing any such acquisition
organisations involved in a corporate re-organisation or transfer of our assets or business
lenders, trustees, investors and other entities in connection with our funding activities
any person who guarantees or proposes to guarantee your obligations to us or provide security in relation
to such obligations for the purpose of allowing that person to assess whether to act as your
guarantor and /or security provider
other guarantors or borrowers (if more than one)
We may also share additional information about our disclosure of personal information specific to that type of disclosure in a relevant privacy collection notice. We will not share your personal information unless it is reasonably necessary for the purpose for which it was collected, or you have consented to the disclosure, it is required or authorised by law, it is reasonably necessary for business function or activities, or another legally permitted exception applies. We will only share information that is required to fulfil the purpose for the disclosure.
If a disclosure includes sensitive information, we will only disclose it with your consent or where otherwise permitted in accordance with applicable laws and regulations. We do not and will not sell your personal information.
As is the case throughout the financial services industry and other major industries, technology allows for services to be provided by different service providers, including some that are located overseas. We are also part of a global company group, with overseas affiliates. This means, sometimes, for the same purposes outlined in this Privacy Policy, we need to share the personal information we hold with third parties or related entities located overseas, such as:
other members of our global company group
service providers or third parties who store data or operate outside Australia or New Zealand (as applicable)
organisations we partner with to provide products and services
parties to an international transaction you have authorised us to carry out or are involved in (e.g. currency exchanges)
other entities and parties where we are required or authorised by law to do so – for example to comply with our legal obligations or help government, regulators or law enforcement agencies.
The countries in which the above overseas recipients are likely to be located include Australia, New Zealand, the United States, Canada, Ireland, Israel, Mexico and India. Depending on the details of the activity you ask us to carry out, there may also be other countries where we need to disclose your information. Consistent with Australian and New Zealand privacy laws, we take reasonable steps to ensure overseas recipients are bound by, and your personal information is subject to, appropriate privacy protection mechanisms (e.g. contractual provisions).
The law requires us to advise you of “notifiable matters” about how we may handle your credit-related information. You can ask us to have these notifiable matters (and this Privacy Policy) provided to you in an alternate form.
If you apply to us for consumer credit (including a new credit account or to increase the limit on an existing credit account) or a commercial credit account or if you are a guarantor in relation to an application for credit, we may carry out a credit check about you with your consent.
A credit check is when we ask a CRB for information about the credit you have applied for and taken out in the past, and how you have managed this credit. The CRB will record the fact that we have done a credit check. This will show on your credit report as a “credit enquiry” (also known as an “information request”). The enquiry may be disclosed to other credit providers and used and disclosed by the CRB or a credit provider, including in the calculation of a credit score.
When a credit enquiry is recorded on your credit report, it can affect your credit score in different ways. It may go up, down or stay the same, depending on factors such as the type of credit you are applying for, how many other credit checks you have had recently, and other details in your credit report. A credit enquiry is more likely to lower your credit score if you make a lot of credit applications in a short time.
The information we may access includes your repayment history information, which shows whether you have a history of making required payments on time (and whether any have been made after they are due) and other credit-related information specified in this Privacy Policy.
We may exchange your personal information and credit-related information with CRBs. The credit-related information exchanged with a CRB may be used by us to verify your identity, assess your creditworthiness, assess your application for finance or your capacity to be a guarantor and manage your finance. The CRB may hold the personal and credit‑related information we provide to them in their credit reporting databases. They may use and disclose that information to other credit providers in connection with the credit products you have with us, to help assess your creditworthiness, or for any other lawful purpose, including debt collection. We may also obtain information that other credit providers have provided to the CRB to use in our assessments of your creditworthiness.
The information we can exchange includes your identification details, what type of credit you have, how much you have borrowed, whether or not you have met your repayment obligations and if you have committed a serious credit infringement (such as obtaining credit by fraud). If you fail to meet your payment obligations in respect of any amount of credit we have provided to you, or any credit we have arranged for you, or if you commit a serious credit infringement, we may disclose this to the CRB.
As set out in this Privacy Policy, you may access the credit-related information we hold about you. You may also request we correct any credit-related information we hold about you if you believe the information is out-of-date, incomplete or incorrect.
The information we provide to a CRB may sometimes be used for “credit pre-screening” of direct marketing offers to be made by another credit provider. You have the right to request the CRB not to use your credit-related information in this way. To opt-out of credit pre-screening, contact the CRB using the contact details noted below.
You can also ask the CRB not to use or disclose your personal information if you believe you have been, or are likely to be, a victim of fraud, or if you have reasonable grounds to believe the information they hold is out-of-date, incomplete or incorrect. In Australia, CRBs must not use or disclose your credit‑related information for 21 days after you notify them you may have been a victim of fraud. In New Zealand, you can request that CRBs suppress your credit‑related information for 10 working days, and you may ask to extend the suppression period if you believe the fraud risk is ongoing.
The main CRBs with which we exchange your credit-related information include:
Equifax Pty Ltd ACN 080 662 568 (Australia) – www.equifax.com.au – contact on 13 83 32; see privacy policy at www.equifax.com.au/privacy
Equifax New Zealand Information Services and Solutions Limited NZBN 9429039517487 (New Zealand) – www.equifax.co.nz – contact on 0800 698 332; see privacy policy at www.equifax.co.nz/privacy
Other CRBs that may hold your credit-related information include:
Experian Australia Pty Ltd ACN 082 851 474 (Australia) – www.experian.com.au – 1300 783 684; see privacy policy at www.experian.com.au/privacy-policy-terms-conditions
Experian New Zealand Operations Limited NZBN 9429042535256 (New Zealand) – www.experian.co.nz – contact on 0800 733 707; see privacy policy at www.experian.co.nz/privacy-policy
Centrix Group Limited NZBN 9429032209006 (New Zealand) – www.centrix.co.nz – contact on 0800 236 874; see privacy policy at www.centrix.co.nz/privacy-statement
From time to time, we may use and disclose your personal information for direct marketing purposes, including to provide you with news, special offers and information on products and services we think may be of interest and value to you.
We may contact you by mail, telephone, email, SMS, MMS or other means (e.g. through our Website or targeted advertising on social media and other media provider platforms). We may be assisted in our direct marketing activities by third-party providers such as:
marketing companies or mail houses that send messages for us
social media or other media providers that deliver our targeted advertising on or through their platforms.
You can tell us to stop sending you direct marketing, or update your marketing preferences, at any time. To opt-out of receiving direct marketing from us, you can either:
contact us using the details in the Contact us section of our Website
write to our Privacy Officer your opt-out request at privacy@customfleet.com.au (if you are located in Australia) or privacy@customfleet.co.nz (if you are located in New Zealand)
if the direct marketing communication is an electronic message – for example, email, SMS or MMS – using the unsubscribe function provided.
We will not charge you for giving effect to your opt-out request and will take all reasonable steps to honour it at the earliest possible opportunity.
You are entitled to access or correct the personal information we hold about you, including any credit-related information. If your information is inaccurate, incomplete or needs updating, please contact us straight away.
The Contact us section of our website contains details of the ways you can contact us in respect of privacy matters. For more detailed information, we may ask you to fill out a request form. We may need to ask you for additional information to verify your identity before processing a request.
There is no fee to ask for your information, but we may sometimes charge a fee to cover the time we spend gathering the requested information. If a fee is applicable, we will let you know the likely amount, so you can decide if you wish to proceed.
If your request is to access your personal information, we try to make it available within 30 calendar days or 20 business days (whichever is sooner) after you ask us for it. For correction requests, we will aim to acknowledge your request within 7 days and advise you of our decision in 30 calendar days or 20 business days, whichever is sooner. As part of considering your request, we may need to consult with other credit providers, CRBs and/ or relevant entities, or obtain further information from you. Where we have previously disclosed the information to another entity and a correction is made, we will take reasonable steps to notify that entity of the correction where appropriate.
In some cases, we can refuse access or only give you access to certain personal information. For example, we may not let you see information that concerns other individuals. If we do this, we will explain our decision to you in writing.
If you have a privacy related concern, complaint or question you can contact us:
In writing
Australia | New Zealand |
|---|---|
Send a notice addressed to: Attn: Privacy Officer Custom Fleet Level 11, 83 Clarence Street Sydney NSW 2000 Or by email: privacy@customfleet.com.au | Send a notice addressed to: Attn: Privacy Officer Custom Fleet 8 Tangihua Street Auckland 1010 Or by email: privacy@customfleet.co.nz |
Or by phone: By contacting your Relationship Manager or Custom Fleet representative (whichever is applicable).
The Contact us section of our website also contains details of the ways you can contact us.
For any complaints about how we have handled your personal information (including any credit-related information), we ask that you let us know first so we can try to fix it. We will aim to review and resolve your concerns as quickly and fairly as possible. We will keep you informed of our progress and do all that we can to provide you with the most suitable response specific to your situation and resolve your complaint to your satisfaction.
If you are not satisfied with our response after you have been through our internal complaints process, you can contact the Office of the Australian Information Commissioner (“OAIC”) or New Zealand Privacy Commissioner (“OPC”) (as applicable) via the details below who can investigate your complaint if it is about your privacy or our handling of your credit-related information.
Australia | New Zealand |
|---|---|
The Office of the Australian Information Commissioner GPO Box 5218 Sydney NSW 2001 AUSTRALIA Phone: 1300 363 992 Fax: 02 9284 9666 Website: www.oaic.gov.au | The Office of the New Zealand Privacy Commissioner PO Box 10094 Wellington 6143 NEW ZEALAND Phone: 0800 803 909 Fax: 04 474 7595 Email: enquiries@privacy.org.nz Website: www.privacy.org.nz |
For more detailed information on our complaints handling process, please refer to our Customer Feedback and Complaints page on our website.
Online servicing or access
When you register to access products or services online, the information collected is compared with the details we may already have stored, which may include your name and date of birth. This allows us to verify who is seeking access. If this information is not provided you will not be able to access your personal information online.
Tracking information on the web
For statistical and analytical purposes, we may collect information on Website activity such as the number of users who visit our Website, the date and time of visits, the number of pages viewed, navigation patterns, what country and what systems users have used to access our Website and, when entering our Website from another website, the address of that website. This information is obtained through the use of 'cookies' (refer below for more information about 'cookies').
Our Website may also contain links to non-Custom Fleet websites. While these links are provided for convenience, if you are navigating these sites please be aware that the information handling practices of the linked websites may differ from ours. While we try to link only to sites that share our high standards and respect for privacy, we are not able to guarantee the privacy practices of other websites. Cookie information, information about your preferences and/ or other information you have provided about yourself may also be shared between us and the owners of third-party websites.
We have implemented industry leading technologies and best practices to protect our customers’ data. To ensure the confidentiality of all data sent and received from your computer to our systems all data including personal information is protected using strong encryption. The security level of a web page can be viewed by clicking on the internet browser's padlock or key icon.
A 'cookie' is a packet of information that allows a website to identify and interact more effectively with a computer. Cookies do not identify you, but they do identify your browser type and Internet Service Provider.
Your browser can be individually set to accept all cookies, reject all cookies, or notify when a cookie is sent. If cookies are rejected, there may be limits on how our Website can be used. To evaluate the effectiveness of our Website advertising, we may use third-party advertising and analytics providers such as Google Analytics and Company 360 to collect statistical data. No personal data is collected by us on these occasions. However, the third‑party providers we engage may be able to identify you.
From time to time, we may place targeted advertisements on non-Custom Fleet websites, which install a cookie when our advertisement is viewed. These cookies help us count unique visitors to our Website and understand which advertisements directed them to us, allowing us to assess the effectiveness of our advertising. Further information about the use of cookies may be found in the privacy policies of the websites that set them.
You can opt-out of our targeted advertising on social and other third-party media platforms by blocking or deleting cookies on your browser. However, taking these steps may not stop all types of online tracking technologies and will not remove all advertising from us on the pages you visit.
In the event of a data breach (being an “eligible data breach” in Australia, or a “notifiable data breach” in New Zealand as defined by the respective Privacy Act), we will:
comply with our obligations under Australian and New Zealand privacy laws (as applicable, including under mandatory notifiable data breach schemes) by promptly investigating the breach
where required, prepare a statement outlining the beach for notification to the relevant privacy regulator (being the OAIC in Australia, or for New Zealand, by way of an online notice to the OPC) and affected individuals
include details in that statement about the nature of the breach, the types of information involved, steps we recommend you take to protect yourself and how you can contact us for further information.
If you have any questions about how we manage data breaches, please contact us using the details provided in the Contact us section of our Website.
any person with your consent.