• RP Data Pty Ltd trading as CoreLogic Asia Pacific (ABN 67 087 759 171) and its Australian subsidiaries and related bodies corporate, including RP Data Pty Ltd, Valuation Exchange Pty Ltd, Cordell Information Pty Ltd, OnTheHouse.com.au Pty Ltd, Residex Pty Ltd (CoreLogic Australia); and
• CoreLogic NZ Limited and its New Zealand subsidiaries and related bodies corporate (CoreLogic NZ),
(together us, we, our, CoreLogic).
• the Privacy Act 1988 (Cth) (Australian Privacy Act) and the Australian Privacy Principals (APPs) made under that Act; and
• Privacy Act 1993 (NZ) (NZ Privacy Act) and the Information Privacy Principles (IPPs) that are set out within that Act.
The term Privacy Act means, in respect of CoreLogic Australia, the Australian Privacy Act; and in respect of CoreLogic NZ, the NZ Privacy Act.
CoreLogic also operates and markets a number of other products and services, including:
- Property Data and Analytics Services
- Platform and Risk Management Services
- Marketing Direct Product
General Purpose of Collection
All personal information that we or our related bodies corporate collect, is reasonably necessary for the purposes relating to providing our products and services.
We will not collect personal information unless the information is reasonably necessary for or directly related to one, or more of our functions or activities. If we are unable to collect personal information we reasonably require, we may not be able to do business with you or the organisation with which you are connected.
We predominantly collect information about real property. Whilst much of this information is not personal information, some of the information we collect, on its own or when matched with other information, may be personal information about you.
Property Data and Analytics Services
The types of information we collect in respect of our Property Data and Analytics Services include:
- Date of birth
- Contact details
- Residential address
- Occupation details
- Property title, ownership and transfer details
- Property tenancy and registered lease details
- Bank account and credit card details for our customers, users and subscribers
- Information pertaining to products and services ordered from us and their use
- Officeholder, directorship and shareholder information
- Telephone directory information
Platform and Risk Management Services
The types of personal information we collect in respect of our Platform and Risk Management Services include:
- Date of birth
- Phone numbers
- Drivers licence details
- Email address
- Employment and occupation details
- Financial history
- Property title, ownership, transfer and tenancy information
- Mortgage and loan application details & other financial information related to any loan application including
- Bank account information
Marketing Direct Product
The types of personal information we collect in respect of our Marketing Direct Product include:
- Email addresses
- Phone numbers
Non-personal Information - Property Data and Information
We also collect data about your property which is not personal information at the time we collect it. For example:
- Property sales information – sales prices and addresses, on their own, do not amount to personal information as this data is not connected to an individual.
- Historical sales for your property – this is not information about you, but rather the price obtained by an unidentified previous owner of the property
- Property attribute information, such as number of bedrooms, bathrooms, garage or car spaces and land size etc.
- Building and construction data, such as construction materials, building characteristics, construction costs and replacement costs
We may collect personal information about you from a combination of sources including directly from you, from third parties or from publicly available sources.
If it is reasonable and practical to do so, we will collect personal information directly from you. This will include contact details and other information relevant to providing services to you. This may take place in a number of ways, such as:
- when you sign up for products or services, such as OnTheHouse, Property Value or qv.co.nz
- order a product or service from us
- subscribe to a newsletter
- when you provide us with corrected or updated information about you or a property you own.
We may also collect personal information from third parties such as your representatives and/or publicly available sources of information.
The majority of the information we collect about you or the properties you own will be from public records, which we licence from the relevant government departments and agencies. Third parties from whom we source publicly available information include:
- State Government departments
- Local councils
- White pages
- Real estate listing portals on which you or your agent have advertised your property for sale or lease
- Real estate agents
Third Party Suppliers
Third parties from whom we source other information include:
- Real estate agents and Real estate listing portals on which you or your agent have advertised your property for sale or lease
- Related companies of RP Data Pty Ltd or CoreLogic NZ Limited
- Tenancy and strata managers
- Financial institutions
- Mortgage brokers
- Property valuers
- Marketing database providers
Collection on Behalf of Others
We collect information on our own behalf and on behalf of others. Where we collect information on behalf of others, we require that they comply with the Privacy Act and APPs.
If someone other than you provides us with personal information about you that we did not ask for and we determine that we could have collected this information from you had we asked for it, we will notify you as soon as practicable. This notice will be given unless to do so would be in breach of an obligation of confidence. If we could not have collected this personal information, we will lawfully de identify or destroy that personal information.
We will not collect any sensitive information from you, revealing your: race, ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships or details of health or disability.
We may use personal information about you for the primary purpose of providing our services, and for which you would reasonably expect us to use that information, including sending you information about new developments, products, services and special offers by post, telephone or any form of electronic communication. We may use any email address or other personal information you provide to us at any time for this purpose.
We may also use or disclose information about you:
- where we have obtained your consent
- where we have obtained the information from another party (including the valuer generals department of your state government, LINZ or Territorial Authorities in New Zealand) for a specified purpose
- as required by relevant laws, statutes, regulations, codes and external payment systems.
We take reasonable steps to ensure that these organisations are bound by privacy obligations in relation to the protection of your personal information.
We may share with third-parties information that is not associated with your name or identity, such as Website usage information, non-personally identifiable demographic information, information about properties and aggregate user statistics in accordance with applicable law.
We may provide certain information about you including your personal information to our related bodies corporate.
Unauthorised access use or disclosure
In the event of a security incident involving unauthorised access, use or disclosure of personal information where a third party with whom we share personal information is involved, we will seek to work cooperatively with them to protect the personal information we have shared with them.
Property Data and Analytics Services
For our Property Data and Analytics Services, we collect personal information for the purposes of:
- developing our products and services
- verifying your identity
- providing our products and services to our customers
- administering and managing products and services provided to you, including charging, billing, account management, and debt collection
- performing administrative and operational tasks (including risk management, systems development and testing, credit scoring and staff training, and market or customer satisfaction research)
- conducting research about our products and services
- auditing and monitoring the products and services we provide
- responding to any specific request you make of us
- generating records and reports based on your use of our products and services
- preventing or investigating any fraud or crime (or a suspected fraud or crime)
- providing you with news and information, as well as promote and market products, services and special offers made available by us, our related companies and third parties (unless you ask us not to and only where we have obtained your consent directly).
In order to achieve the above purposes, we may use or disclose your personal information to:
- your authorised representatives and agents
- our agents, contractors and third party service providers to enable them to provide services (including administrative services) for or to us
- our customers and subscribers as part of a Data, Research and Analytics Product or Service offered by us
- third parties to enable them to provide you with news and information and to promote and market their products, services and special offers (unless you ask us not to)
- others where the disclosure is required by law, for example, to government agencies and regulatory bodies as part of our statutory obligations, or for law enforcement purposes
- an organisation that acquires all or part of our assets or businesses.
In addition to the above, when you sign up for a services (such as Property Value), we may obtain your consent to provide you with news and information, as well as promote and market products, services and special offers made available by us, our related companies and third parties (unless you ask us not to). We will only ever direct market to you where we have collected the information directly from you or where you have consented to receiving direct marketing communications.
Where we collect information from publicly available sources, such as the valuer general office in each State and Territory, our use of this information must be in accordance with the rules set down by the relevant information provider. These rules are contained in the terms of consumer contracts (see, for example our Australian General Terms located here http://www.corelogic.com.au/about-us/terms-and-conditions.html and our NZ General Terms located here: https://www.corelogic.co.nz/about-us/product-terms-and-conditions (General Terms)).
The information provider’s rules may be amended from time to time and therefore so too will the terms of General Terms.
We may also use or disclose information about you where we have obtained your consent, where we have obtained the information from another party (including the valuer generals department of your state government, LINZ or Territorial Authorities in New Zealand) for a specified purpose, or as required by relevant laws, statutes, regulations, codes and external payment systems.
Platform and Risk Management Services
For Platform and Risk Management Services, we collect your personal information for the primary purposes of assisting mortgage originators (including their brokers) to:
- source valuations and other property reports from third party services providers such as valuers, and building and pest inspection report providers;
- assess risk associated with loan origination.
We may use your personal information to perform risk analytics and provide a report back to the mortgage originator.
The personal information provided to us by mortgage originators will only be disclosed to the third party service providers for the purpose of enabling them to provide the services requested. Similarly, any report provided to us by the third party service providers will only be disclosed to the mortgage originators who requested the service.
The personal information collected for the purposes of providing Platform and Risk Management Services is not used or disclosed for any other purpose.
Direct Marketing by CoreLogic
We may use personal information we have collected about you for the primary purpose of providing our services, and for other purposes for which you would reasonably expect us to use that information. This includes sending you information about new developments, products, services and special offers by post, telephone or any form of electronic communication. You authorise us to use any email address or other contact information you provide to us at any time for this purpose.
Where we have obtained your consent, we may also send marketing messages on behalf of our third party commercial partners.
You can opt out of receiving marketing material from us at any time by contacting us by email:
You agree and acknowledge that even if you opt out of receiving marketing material from us, we will still send you essential information that we are legally required to send you relating to the services we provide. Once you opt out of receiving marketing material from us, you agree and acknowledge that this removal from our distribution lists may take several business days after the date of you request to be removed.
Marketing Direct – Direct marketing by third parties (Australia Only)
We collect your personal information from third party marketing database providers for the purposes of providing the Marketing Direct product to our subscribers. The Marketing Direct database is not validated against any other personal information we collect for other purposes.
We also collect publicly available non-personal information about properties, such as number of bathrooms, bed-rooms and listing information and other modelled inferences about properties. This information may be supplied to third parties for their use in direct marketing campaigns, including through combining with contact details contained in Marketing Direct.
We obtain contractual warranties from the database providers that the personal information they collect complies with the Privacy Act
Your personal information may be disclosed to our subscribers for the purposes of direct marketing their products and services to you. Our terms and conditions with our subscribers require that they comply with the Privacy Act in all direct marketing communications with you.
If you wish to be removed from our Marketing Direct database, please contact our Privacy Officer by email at:
• Australia: email@example.com
• New Zealand: firstname.lastname@example.org
Information not used for Direct Marketing
Where we collect information from Government sources such as the Valuers General Office in each State and Territory in Australia; or LINZ, Southland DC or Christchurch Council in New Zealand (Government Data Sources), we do not use this information (or allow or customers and subscriber to use this information) for direct marketing purposes.
When we licence personal information which has been obtained from Government Data Sources to our customers and subscribers as part of a Property Data and Analytics Service offered by us, we require them:
• to not use personal information for direct marketing
• to comply with all third party use restrictions (which are set out in the terms and conditions of your contract with us where the personal information is collected by a third party and provided to us)
• to comply with the Privacy Act.
For CoreLogic’s Australian businesses, we store and retain your personal information in Australia.
For CoreLogic’s New Zealand businesses, we store and retain your personal information in New Zealand and Australia.
However, people located overseas may be able to access your personal information in order to provide data entry and development services to us in the provision of our Products and Services. In the vast majority of these cases access is strictly limited, and under the supervision and control of our Australian based product team. Such access will only be under secure protocols (see below for further information on Storage and Security). Our overseas services providers are located in:
• New Zealand (where CoreLogic Australia is the relevant business)
• Australia (where CoreLogic NZ is the relevant business)
Some of our products and services accessible via our web services portals may be accessed by customers located overseas.
Whenever your personal information is disclosed to, or accessed by, a person located overseas, this will only occur where:
(a) we consider the recipient to be bound to legislation similar to the Privacy Act and we have a contractual mechanism with them to enforce your rights; or
(b) we have an enforceable contractual arrangement with the overseas recipient that requires the recipient to handle your personal information in accordance with the Privacy Act.
When you visit the Site the server may attach a "cookie" to your computer's memory. A “cookie” assists us to store information on how visitors to the Website use it and the pages that may be of most interest. This information may be used by CoreLogic (including by or on behalf of our third party commercial partners) to provide users of your computer with information that we think may interest the users of your computer.
- determine whether you have previously accessed our Websites
- store user preferences, identify the pages you have accessed, your IP address and the date, time, login location and duration of your visit
- improve the performance of the Website. For instance, they help pages load quicker
- aid in the security of your use of our CoreLogic Websites
- aid in the log-in process
- facilitate administration of CoreLogic Websites
- generate statistics about the use of our Websites (including through the use of third party analytics services) to continually improve our Websites and customer service, and data products and identify product trends
- help us to serve you relevant advertisements and implement frequency capping procedures
However, this information is not linked to any personal information you may provide to the Websites and cannot be used to identify you.
Opting out from Cookies and analytics
You may withdraw or change your cookies consent at any time by modifying your browser settings to accept or decline cookies. You may also go to www.allaboutcookies.org or www.youronlinechoices.eu if you are in Europe, or to www.aboutads.info/choices if you are anywhere else for instructions on how to disable cookies.
If you choose to configure your computer so that it disables cookies or does not accept them, you may not be able to make full use of our Websites.
You may opt-out from Google Analytics here or by downloading the Google Analytics opt-out browser add-on, available at: https://tools.google.com/dlpage/gaoptout. In some instances, when you opt-out, a new cookie (Opt-Out-Cookie) is placed in your web browser. This tells the third party provider to cease data collection from your browser and prevents advertisements from being delivered to you.
We will use all reasonable endeavours to keep your personal information in a secure environment, however, this security cannot be guaranteed. Your use of our Websites and the electronic storage of your personal information is secured by practices and procedures which we consider are consistent with Australian industry standards. All orders placed online using a credit card are covered by SSL security technology to protect customer details. These security measures are designed to ensure your personal information is not subject to unauthorised access, loss or misuse. If you reasonably believe that there has been unauthorised use or disclosure of your personal information, please contact us (see Contact Us below).
If we no longer need your personal information, unless we are required under Australian law or a court or tribunal order to retain it, we will take reasonable steps to destroy or de-identify your personal information, in accordance with our document and information retention policy.
Notwithstanding the reasonable steps taken to keep information secure, breaches may occur. In the event of a security incident we have in place procedures to promptly investigate the incident and determine if there has been a data breach involving personal information, and if so, to assess if it is a breach that would require notification. If it is, we will notify affected parties in accordance with Privacy Act requirements.
We take all reasonable steps to ensure that your personal information held by us is accurate, up-to-date, complete, relevant and not misleading. If you believe that any of your personal information is not accurate, up-to-date, complete, relevant and not misleading, please contact us (see Contact Us below) and we will take all reasonable steps to correct it within a reasonable time.
You may request to access the personal information we hold about you. We will endeavour to respond to any such request within a reasonable period of time and, where reasonable and practicable, give access to the information in the manner you request. This will be subject to any exemptions allowed under the Privacy Act. You may request this information by writing to the Privacy Officer (see Contact Us below).
We may charge a reasonable fee for providing that information.
If you have a complaint about our treatment of your personal information, please contact our Privacy Officer (see Contact Us below). Our Privacy Officer will consider and if, in our reasonable opinion, necessary, investigate your complaint and endeavour to respond to you within a reasonable period of time.
If we do not adequately answer your concerns, you have the right to make a complaint as follows:
- Australia: to the Office of the Australian Information Commissioner
- New Zealand: to the New Zealand Privacy Commissioner
Locked Bag 5
Eagle Farm QLD 4009
Telephone: 1300 734 318
CoreLogic NZ Limited
Level 2, 275 Cuba Street
Telephone: +64 (4) 915 6000
When contacting us or using our products and services, you have the option to either not identify yourself or to use a pseudonym. However, this will not apply if it is impracticable for us to communicate with you that way. We are required or authorised under law (or a court or tribunal order) to only deal with individuals who have identified themselves.
CoreLogic provides additional information to its EEA, Switzerland and UK based users to comply with data protection laws.
What is personal data?
“Personal data” is information about you (a “data subject”) the use of which is governed by applicable data protection laws. It will include any information from which you can be identified, directly or indirectly, in particular by reference to an identifier such as your name, an identification number, location data, an online identifier or other information about your identity. Most information collected about you on the Website will constitute personal data.
Who is responsible for your personal data?
If you use our Website, the data controller is CoreLogic Solutions Limited, 1st floor, 39 Houndsditch, London EC3A 7DB. CoreLogic Solutions Limited is registered as a data controller with the Information Commissioner’s Office in the UK (registration number Z6322218).
What is the legal basis for processing your personal data?
On some occasions, we process your personal data with your consent, for example, when you agree to receive our newsletter or to deal with your enquiries.
On other occasions, we process your personal data when we need to do this in order to fulfil a contract with you, such as granting you access to our online services.
We also process your personal data when it is in our legitimate interests to do this and when these interests are not overridden by your data protection rights. For example, we may process your personal data in our legitimate interests to ensure that our Website and services are provided efficiently and in an user-friendly and personalised manner taking into account user feedback, data and profiles, unless consent is required for any such processing under applicable law. We will process personal data to ensure the security of our business and the information of our users, and to ensure the proper and efficient administration of our business. You may contact us for further information.
Finally, we will process your personal data where we are required to do this by law. For example, where we have to fulfil anti-money laundering requirements or disclose information under a court order.
Personal data which you provide may be transferred to our group companies, commercial partners, suppliers or agents located outside your country as set out above. We will ensure adequate protection of personal data transferred outside of your country as required under applicable laws. For example, if you are located in the EEA, Swiss or in the UK, we may enter into model clauses with the recipient. You may contact us for a copy of the safeguards which we have put in place to protect your personal data in these circumstances.
In addition, personal data that you submit for publication on the Website will be published on the internet and may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
How long does CoreLogic keep personal data?
CoreLogic keeps your personal data for only as long as required to provide you with the necessary Website content and services and to carry out the processing set out in this Privacy Notice, and in line with its obligation under applicable law. This means that we will generally not keep your personal data for longer than six years following your last interaction with us, and the actual retention period will often be shorter. You may contact us for further information.
Data subjects may ask us for a copy of their personal data, to correct it, erase it or to transfer it to other organisations at their request. Data subjects also have rights to object to some processing including profiling and, where we have asked for their consent to process the data subject’s personal data, to withdraw this consent. In particular, data subjects have the right to object to direct marketing at any time. Where a data subject withdraws their consent, this will not affect the legitimacy of the processing conducted prior to your request. Where we process personal data because we have a legitimate interest in doing so (as explained above), the data subject has a right to object to this. Where we make a decision based solely on automated processing which significantly affects the data subject, he or she may have the right to contest the decision, express his or her point of view and obtain human intervention.
These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your personal data.
Please use the contact information set out in our Contacting Us section above. We will aim to acknowledge your enquiries within 72 hours and respond within one month, unless otherwise required by law.
We hope that we can satisfy queries you may have about the way we process your personal data. However, if you have unresolved concerns you also have the right to complain to your local data protection authority.
• Australia: http://www.corelogic.com.au/about-us/privacy-policy.html
• New Zealand: https://www.corelogic.co.nz/about-us/privacy-policy
CoreLogic® is a registered trademark of CoreLogic Solutions, LLC and used under licence by RP Data Pty Ltd.