Back to menu
Admin 1920X1080

Our Privacy Policy

We respect the privacy of personal information that is provided to us. This policy explains how we manage that information. 

This policy applies to any personal information you provide to us and any personal information we collect about individuals from other sources. We also have a Credit Information Policy which applies specifically to our handling of credit-related personal information. 

Personal informationis information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, or recorded in a material form or not.

Sensitive information’ is a particular kind of personal information and has the same meaning given to it in the Privacy Act 1988 (Cth) (Privacy Act) when used in this policy. 

Purposes of our collection of personal information 

We collect personal information that is reasonably necessary to perform our functions and activities, including: 

  • facilitating and encouraging Australian export trade and overseas infrastructure development; 

  • encouraging other financiers to support Australian export trade and overseas infrastructure development; 

  • providing information and advice about export and infrastructure finance products and opportunities; 

  • encouraging and facilitating various activities that support Australia’s economic resilience and security and the net zero transformation; and 

  • assisting other Commonwealth entities consistent with our statutory functions. 

Examples of how we use and disclose personal information include for: 

  • responding to your requests and enquiries; 

  • communicating with you during the course of your business or other relationship with us; 

  • responding to a complaint that you may make; 

  • developing and identifying products and services that may interest you; 

  • compliance with applicable laws; 

  • updating and maintaining our records; 

  • notifying you about important changes to, or development of, our functions, activities, services and website; 

  • conducting direct marketing, market research campaigns or customer satisfaction research, including using marketing automation and web personalisation tools for customer/user-specific website experiences and marketing communications; 

  • developing, establishing and administering alliances and other arrangements with parties (including financiers, insurers and Commonwealth government agencies and Departments such as the Australian Trade and Investment Commission (Austrade), the Department of Foreign Affairs and Trade (DFAT), the Minister for Trade and Tourism, the Department of Finance and the Minister for Finance) in relation to the promotion, administration and use of our respective products and services; 

  • assessing your application for employment and to maintain any employment relationship; 

  • providing assistance to other Commonwealth entities in relation to the operation and administration of financial and service arrangements and agreements between us and those Commonwealth entities; and 

  • where reasonably necessary, notifying those potentially impacted that a person who has visited our premises may have contracted a communicable notifiable disease. Any such disclosures will be in line with applicable government health advice and on a need-to-know basis, disclosing only the minimum amount of information we consider reasonably necessary. 

Dealing with us anonymously 

Generally, you can opt to deal with us anonymously or use a pseudonym. However, it might not be practical or possible for us to deal with you in this way in some circumstances. Also, there are circumstances where we may be required or authorised by law to know your identity in order to perform our functions and activities.

Please note in section titled “What personal information we collect and hold” below certain kinds of information collected when you are browsing our website. 

Personal Information 

The types of personal information we collect and hold about you depend on the function or activity being performed. Examples of personal information we may collect and hold might include: 

  • personal information provided when you establish a business relationship with us; 

  • identification information such as your name(s), contact details (personal and/or business) including addresses, telephone numbers and email addresses, driver’s license, passport details and date and place of birth; 

  • contact and identification details of any third party that you have authorised to negotiate or provide your personal information on your behalf; 

  • personal information in relation to employment applications, our employees and contracted service providers, including (as applicable) employment record information such as education, qualifications, skills, performance, conduct, pay details and information required for the purposes of security screening, and information from employment background screening providers. Further information on the specific kinds of personal information we collect in relation to our employees is set out in our internal Employee Personal Information Privacy Statement; 

  • personal information captured via security cameras (CCTV) in common areas within Export Finance House in Sydney (and the common areas of Export Finance Australia’s other office locations), which may be collected and held where necessary, including for building security and work health and safety purposes, and the names of building access card holders (including individuals employed by tenants of Export Finance House) for building security purposes; 

  • IP addresses including via electronic signing platforms and direct marketing tools; and 

  • personal information contained in any correspondence between you and us. 

Sensitive Information 

In certain circumstances, we may also collect and hold sensitive information about you, for example: 

  • information about your membership of professional, trade or political associations; 

  • in relation to Export Finance Australia employees, criminal record information (as part of employment background screening), diversity/inclusion information, health information including details of medical conditions (including dietary requirements), disabilities and any other sensitive information you voluntarily provide to us; 

  • in relation to Export Finance Australia employees, biometric data may be used to identify or authenticate individuals using fingerprint or facial recognition technologies on Export Finance Australia devices. This biometric data is stored securely on Microsoft Windows or Apple iOS devices and cannot be removed, exported, or transferred to any other device or system by Export Finance Australia. Individuals can choose not to provide their biometric data or delete their biometric data at any time; 

  • information from publicly available sources, for example in relation to criminal activity;  and 

  • if you are present at or have visited our premises, such information as is reasonably necessary to prevent or manage a communicable infectious disease  from spreading in our workplace or premises. Generally, medical or health information will only be collected and held to the extent required to manage the risk. 

We recommend generally that you do not provide sensitive information to us unless we specifically request it. We will only collect it where: 

  • you have consented; 

  • the information is reasonably necessary for, or directly related to, any of our business activities or functions; 

  • we are required or authorised to do so by law; or 

  • a permitted health or general situation exists, including where we are collecting the information in order to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety. 

When the law requires or authorises us to collect and hold information 

We may collect information about you because we are required or authorised by law to collect it.

When an eligible data breach declaration or an emergency declaration is in force, we may collect, use and/or disclose personal information about you if we reasonably believe that you may be at risk and the terms of the declaration are met. An eligible data breach declaration can be made by a Minister under the Privacy Act and permits the sharing of personal information in order to prevent or reduce the risk of harm to individuals arising from a misuse of personal information in the event of an eligible data breach.

(Note: in summary terms, under the Privacy Act an “eligible data breach” occurs where there is unauthorised access to, or unauthorised disclosure of, the information and a reasonable person would conclude it would likely result in serious harm to any of the individuals to whom the information relates; or where information is lost in circumstances where unauthorised access to, or unauthorised disclosure of, the information is likely to occur and, if so, a reasonable person would conclude that it would likely result in serious harm to any of the individuals to whom the information relates.)

A Minister can also make an emergency declaration that permits the sharing of personal information for a purpose that directly relates to the Commonwealth’s response to an emergency or disaster. There are special provisions in the Privacy Act for the collection, use and disclosure of personal information in an emergency or disaster that affects Australians either in Australia or overseas. 

We may require your personal information to verify your identity for the purposes of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and associated regulations. 

What we collect via our website 

Site Visit Data 

Our website hosting provider makes a record of your visit and logs the following information for statistical purposes: 

  • your server address; 

  • your top-level domain name; 

  • the date and time of the site visit; 

  • the pages accessed and documents viewed or downloaded; 

  • the previous site visited (in some circumstances); and 

  • the type of browser used. 

This information is collected to facilitate our website and system administration. 

No attempt will be made to identify users or their browsing activities (outside of our website) except in the unlikely event of an investigation, for example, if a law enforcement issues a warrant to inspect our hosting provider's logs. 

External sites that are linked to or from our website are not under our control and users should view the privacy policies applicable to those websites separately. 

Our use of ‘Cookies’ 

Cookies are used on our website to supplement the site visit data described above. 

A cookie is a small text file that a website server gives to a browser the first time you visit the site and updates with each return visit. Cookies can store information such as username and password and what parts of the site were visited. Accepting a cookie does not give access to your computer and a cookie does not identify you personally (it identifies your browser). We use cookies to monitor your use of our website, to observe behaviour, compile aggregate data and provide users with an improved and more effective service. There are two types of cookies: temporary and log cookies. Temporary cookies are required and tell the website server which page to pull up next. Our website uses traffic log cookies to show what pages are being used on our site. 

Social Media 

We categorise our followers on social media platforms at a high level by demographic features (such as business types, location, job titles) and may receive statistics on these categories. 

Your use of our website and providing information to us 

By continuing to use our website or by providing us with information, you consent to us managing your information and the information you provide us with in the manner set out in this policy. 

Where reasonably practicable we will collect personal information directly from you. However, in some circumstances we collect personal information about you from someone else. 

We collect personal information in the following ways: 

  • directly from you, or the individual to whom the information relates, including through our website or our digital applications, by telephone, email, in person and in paper and electronic documents (including forms or applications) completed and provided to us; 

  • where you or another individual are an employee, director or hold beneficial ownership in an entity that we do business with, from that entity; 

  • through our representatives, advisers and other third parties we deal with, including our professional advisers, government including agencies and departments, law enforcement agencies and our partners (including other financiers) and contracted service providers (including risk and compliance database service providers, company search providers and identification database providers such as Documentation Verification Service providers); 

  • from credit reporting agencies and from financiers, advisers and representatives of the individual (and companies or entities related to the individual) to whom the information relates; 

  • from our records of our products or services which you (or a related company or entity) have applied for or utilised; and 

  • from publicly available sources. 

Where you are a prospective or current customer, a service provider or a financing partner and provide information to us about a third party, we expect you will ensure that you have made the third party aware of the disclosure of their personal information, the purpose of the collection, and the use and other potential on- disclosures of that information – see also section titled “Sharing your personal information” below. 

How we use personal information 
We use and disclose personal information for the primary purposes for which we collect it (see section titled “Why we collect personal information”  and section titled “What personal information we collect and hold” above). We may also use or disclose personal information we collect for secondary purposes that are otherwise permitted under the law, including where: 

  • we have obtained consent; 

  • you would reasonably expect the use or disclosure, and the secondary purpose is related to the primary purpose (or in the case of sensitive information, either the secondary purpose is directly related to the primary purpose, or otherwise where a permitted general situation exists); 

  • the use or disclosure is required or authorised by law or court/tribunal order; or 

  • we consider the use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body. 

Automated decisions 
We do not currently use computer programs to make decisions that could reasonably be expected to significantly affect your rights or interests as an individual. 

We sometimes need to share your personal information with others. 

We disclose personal information to third parties located in Australia or overseas where we believe such disclosure is reasonably necessary to perform our functions and activities, including to provide our products and services, or to comply with a legal obligation. We may disclose your personal information to: 

  • our external advisers (for example, our lawyers, accountants and auditors); 

  • other insurers; 

  • other financiers; 

  • government entities and departments, including Austrade, DFAT, the Minister for Trade and Tourism, the Department of Finance and the Minister for Finance; 

  • government agencies or other specified entities if an eligible data breach declaration or an emergency declaration is made by a Minister under the Privacy Act; 

  • our business partners and service providers we engage to support or assist us to perform our functions and activities, including for example in connection with our products and services and our IT service providers; 

  • third parties we engage for promotional activities or direct marketing purposes to the extent permitted by law; 

  • anyone to whom we are required or authorised to disclose information to, by or under Australian law, or a court/tribunal order; and 

  • with your consent, other entities. 

The parties listed above may in turn disclose your personal information to other parties in accordance with their privacy policies or equivalent. In addition, we and third parties we disclose to or use to hold your personal information (as set out above) may hold or store your personal information overseas, including with a cloud service provider located overseas (see section titled “How we hold your personal information” below for how we ensure your information is appropriately protected). 

We may disclose personal information to third parties by electronic means, including via the internet. 

If you give us personal information about other individuals, we rely on you to have made them aware: 

  • that you will provide that information to us; 

  • of our Privacy Policy and of the purposes for which we use personal information; 

  • of the types of third parties to whom we may disclose personal information; and 

  • of how those individuals may obtain access to personal information relating to them. 

Where the personal information is sensitive information, we rely on you to have expressly obtained the relevant individual’s consent to the above. If you have not done these things, you must tell us before you provide the relevant information. 

How we hold personal information 

The security of your personal information is important to us and we take (and require third party service providers and suppliers, including any based overseas, to take) reasonable steps to: 

  • protect any personal information we hold from misuse, interference and loss, and unauthorised access, modification or disclosure; and 

  • ensure that personal information is handled in accordance with applicable law. 

We may store your personal information in different forms, including in hard copy or in electronic form. We have in place policies, procedures and systems (including cloud-based applications and services) to keep your information secure. In circumstances where personal information will be sent, used or disclosed overseas, we will take reasonable steps in conducting appropriate due diligence on the security of these systems and we will ensure appropriate contractual protections are in place to protect the personal information. These may include that the recipient of the personal information is subject to a substantially similar law or binding scheme. 

We are sometimes required or authorised by law to retain certain personal information including for certain periods of time. For example, under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). Under the Archives Act 1983 (Cth) (Archives Act), we cannot destroy Commonwealth Government records (which may contain personal information) except in specific circumstances. If the personal information is held in a Commonwealth Government record, we may destroy or de-identify the personal information only where that is permitted under the Archives Act for example, after the expiry of any time periods during which we are legally required to retain the record containing that personal information. If the personal information is not held in a Commonwealth Government record, and there is no other legal impediment to doing so, we may take reasonable steps to destroy or de-identify the personal information when it is no longer required for the purpose it was collected. 

How we store information transmitted electronically

Your information supplied to us via our website or other electronic means is held securely and used and disclosed as set out in this policy. However, you should be aware that communications via the internet are not entirely secure and information you send to us is not necessarily secure during transmission.

If you are concerned about sending us information over the internet, you may be able to download the relevant form and post it to us or provide it to us in person. 

How you can access your personal information 

It is important that the personal information we hold about you is complete, accurate and up to date so that we can properly conduct our business. As such, we may ask you to notify us of any changes to your personal information while we continue to hold it. 

How you can correct your personal information 

You may request (via the contact details set out below) access to your personal information we hold and request that it be corrected if you believe the information we hold is out of date, inaccurate, incomplete, irrelevant or misleading.

We will provide you with access to your personal information except in limited circumstances set out by law. If we refuse a request for access or correction to personal information, we will provide you with written reasons for that refusal.

We will respond to a request for access or correction within 30 calendar days after your request is received, without any cost to you. Where we cannot correct your personal information we will let you know in writing and, on request, we will take reasonable steps to record a statement on our files that you have a contrary view. 

Unsubscribing from marketing communications 

If we send you information about products or services that you do not wish to receive, you can inform us that you wish to unsubscribe or opt out by contacting us in writing (via the contact details set out below). 

Making a complaint 

If you have a complaint about how we handle your personal information, please contact us using the contact details below. Please note that we will ask you to lodge your complaint in writing. We will endeavour to understand and resolve your complaint as soon as possible, in accordance with our complaints mechanism. 

If you make a privacy complaint to us and are not satisfied that the matter has been resolved, you can lodge a complaint with the Privacy Commissioner at the Office of the Australian Information Commissioner (OAIC). Further information about making a privacy complaint to the OAIC is available at: 

http://www.oaic.gov.au. 

You can make a complaint directly to the OAIC rather than to us. In most cases, however, it is likely that the OAIC would refer you to us at first instance to see if your complaint can be resolved without requiring their involvement. 

Contacting us 

If you wish to contact us regarding our handling of your personal information or any of the matters covered in this policy, you can contact our Privacy Officers by: 

  • Post: Attention: Privacy Officer, Export Finance Australia, Level 11, 22 Pitt Street, Sydney NSW 2000 

  • Phone: +61 (0) 2 8273 5333 

This policy is subject to regular review. Any changes to it will be notified publicly by us posting an updated version on our website, and the changes will be effective from that date.

Any information we hold will be governed by the most current version of this policy. This policy was last updated in February 2025.