Privacy Policy

What Information We Collect

When we refer to personal information we mean information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not recorded in a material form. The kinds of personal information we may collect about you include:

• Identity information: name, date of birth, address, email address, phone number
• Employment details: employer, occupation, proof of income and expenses
• Financial information: account details, transaction history, assets and liabilities
• Family information: number and ages of dependants, marital status
• Residency information: length of time at current address
• Tax information: Tax File Number or tax residency status (where lawfully required)
• Payment information: where required to process or receive payments

When you visit our website, we may also collect your IP address, device information, browser type, and general location information. See the Cookies section below for more detail.

If you are applying for finance, we may also collect and use credit-related information, which is described further under the Credit-Related Information section.

Why We Collect It

We collect personal information to conduct our mortgage broking business, including to:

• assess your eligibility for, and assist you to apply for, credit products;
• establish and verify your identity as required by law;
• match you with suitable lenders from our panel;
• manage our ongoing relationship with you, including loan reviews;
• comply with our legal obligations under the National Consumer Credit Protection Act 2009 (Cth), the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), and other applicable law;
• manage risk and meet compliance requirements imposed by AFG and ASIC; and
• provide you with information about products and services that may be relevant to you (with your consent where required).

You are not required to provide us with personal information. However, if you choose not to do so, we may not be able to provide you with credit assistance.

How We Collect It

Where it is reasonable and practicable to do so, we collect personal information directly from you — in person, over the phone, via our contact form, or through documentation you provide as part of an application.

We may also collect information from third parties, including:

• credit reporting bodies (for credit-related information);
• lenders and financial institutions;
• employers and payroll providers (for income verification);
• accountants, lawyers, and financial advisers acting on your behalf;
• referral partners who introduce clients to us;
• publicly available sources such as public registers; and
• AFG's aggregation platform and systems.

Who We May Disclose It To

We may disclose your personal information to third parties for the purposes for which it was collected, or as permitted by law. These third parties may include:

• lenders, banks, and non-bank financiers to whom we submit your application;
• AFG and its affiliated entities in the course of aggregation services;
• credit reporting bodies (Equifax, Experian, Illion);
• lenders mortgage insurers and title insurers;
• valuers, quantity surveyors, and property professionals;
• legal representatives, settlement agents, and conveyancers;
• any person who represents you, including attorneys and accountants;
• IT service providers, cloud storage providers, and software vendors;
• debt collection agencies and recovery firms, if applicable;
• auditors and insurers; and
• government agencies and regulators where required by law, including ASIC and AUSTRAC.

Before disclosing your personal information to any third party, we take reasonable steps to ensure that the recipient is either subject to privacy obligations equivalent to our own, or that you have consented to the disclosure.

Credit-Related Information

Credit information is personal information about you that relates to credit you have applied for, been provided with, or guaranteed. This includes your identification details, loan types and amounts, repayment history, default information, financial hardship arrangements, serious credit infringements, court proceedings, and public insolvency information.

Credit eligibility information is information obtained from a credit reporting body about you, and information we derive from it.

Notifiable matters — The law requires us to inform you of the following in relation to credit-related information:

• We exchange credit-related information with credit reporting bodies to confirm your identity, assess your creditworthiness, process credit applications, and manage finance arrangements.
• Credit reporting bodies may provide information we report about you to other credit providers for the purpose of credit assessment.
• We may obtain information that other credit providers have reported to credit reporting bodies when assessing your creditworthiness.
• If you fail to meet payment obligations in relation to finance we have arranged, or commit a serious credit infringement, we may disclose this to a credit reporting body.
• You may contact any credit reporting body to request that your credit information is not used for pre-screening of credit offers by other credit providers.
• If you believe you are a victim of fraud, you may notify a credit reporting body. They must not use or disclose that information for 21 days after receiving the notification.

Credit reporting bodies we use:

• Equifax Pty Ltd — equifax.com.au
• Experian Australia Credit Services Pty Ltd — experian.com.au
• Illion Australia Pty Ltd — illion.com.au

You may download their privacy policies from the links above.

Overseas Disclosure

We use cloud storage and third party service providers whose servers may be located outside Australia, including in countries such as the United States of America, Canada, Malaysia, India, Ireland, the United Kingdom, and the Philippines. Personal information and credit-related information we hold may therefore be stored or accessed from overseas.

Before any overseas disclosure, we take reasonable steps to ensure that the overseas recipient is subject to privacy obligations substantially similar to the Australian Privacy Principles, or that the disclosure is otherwise permitted under the Privacy Act 1988 (Cth). Where personal information is disclosed overseas, you may not be able to seek redress under the Privacy Act against that overseas recipient.

You may contact us at any time to request further information about the overseas entities to whom we may disclose your information.

Direct Marketing

We may use your personal information to send you information about finance products, services, or market updates that may be of interest to you. We will only do so in accordance with the Privacy Act 1988 and the Spam Act 2003 (Cth).

You may opt out of receiving marketing communications from us at any time by:

• using the unsubscribe link in any marketing email we send you; or
• contacting us at [email protected].

We will give effect to any opt-out request promptly and at no cost to you.

How We Protect Your Information

We take reasonable steps to protect the personal information we hold from misuse, interference, loss, and unauthorised access, modification, or disclosure. This includes physical and electronic security measures appropriate to the sensitivity of the information held.

Pursuant to the Privacy and Other Legislation Amendment Act 2024 (Cth), which commenced in December 2024, we are subject to enhanced obligations to take "reasonable steps" to protect personal information. We regularly review and update our security practices to meet these obligations.

Information may be stored in both paper and electronic form, including on cloud-based systems. Where personal information is no longer required for the purpose for which it was collected and there is no legal requirement to retain it, we will take reasonable steps to destroy or de-identify that information.

Cookies & Website Analytics

When you visit jackwell.com.au, we may collect general, non-identifying information for statistical and website improvement purposes, including the number of visitors, pages viewed, and navigation paths through the site.

We use Google Analytics 4 (GA4) and Google Tag Manager (GTM) to analyse how visitors use our website. These services use cookies — small text files placed on your browser — to collect information about your browsing behaviour. This information is transmitted to Google servers and used to generate aggregated reports about website usage. Google's privacy practices are governed by the Google Privacy Policy.

We also use Cloudflare Turnstile on our contact form for spam prevention purposes. Turnstile is a privacy-preserving CAPTCHA alternative that uses signals from the browser to verify visitors without tracking them. See the Cloudflare Privacy Policy.

You can configure your browser to refuse cookies, delete existing cookies, or notify you before a cookie is placed. However, disabling cookies may affect the functionality of this website. Information that does not identify you personally cannot be disabled via browser settings, as it is collected via embedded code on the website's pages.

Access & Correction

You have the right to request access to the personal information and credit-related information we hold about you. You may also request that we correct any information that is inaccurate, out of date, incomplete, or misleading.

To make an access or correction request, contact us using the details in the Complaints section below. We will generally respond to access requests within 30 days. We may charge a reasonable fee to cover the cost of retrieving and providing information to you.

There may be circumstances in which we are unable to provide access — for example, if the information is commercially sensitive, subject to legal privilege, or relates to existing or anticipated legal proceedings. Where we deny access, we will provide written reasons.

For correction requests, we will provide an initial response within 7 days and complete our investigation within 30 days. If we decline to make a correction, we will explain our reasons in writing.

Notifiable Data Breaches

The Notifiable Data Breaches (NDB) scheme requires us to notify you and the Office of the Australian Information Commissioner (OAIC) if we become aware of a data breach that is likely to result in serious harm to any individuals whose information is involved.

If we determine that a breach meets the threshold for notification, we will:

• notify you as soon as practicable of the nature of the breach;
• describe what information was involved;
• advise what steps we are taking to contain and remediate the breach; and
• recommend steps you can take to protect yourself from the consequences of the breach.

We will also notify the OAIC in accordance with our legal obligations. If you believe your personal information held by us has been compromised, please contact us immediately using the details in the Complaints section.

Automated Decision-Making

Under privacy reforms that commenced in December 2024, we are required to be transparent about the use of personal information in significant automated decisions.

Jackwell Finance does not make significant automated decisions about you on its own account. Lenders and credit providers to whom we submit applications may use automated decision-making processes (such as credit scoring systems) as part of their credit assessment. If this is relevant to your application, we will inform you and, where possible, direct you to the relevant lender's privacy policy or credit guide for further information.

Sensitive Information

Sensitive information includes information about your racial or ethnic origin, political opinions, religious beliefs, trade union membership, sexual orientation, criminal record, or health information. We will only collect sensitive information where:

• you have consented to its collection; and
• it is reasonably necessary for our functions or activities.

For example, health information may be collected if relevant to an application for mortgage protection insurance. We will not collect sensitive information about you beyond what is necessary for these specific purposes.

Government Identifiers

Where we collect government identifiers (such as your Tax File Number), we will only use or disclose that information as required or authorised by law. We will never use a government identifier as our own identifier for you, and we will not disclose government identifiers except as required by law or with your express consent.

Privacy Complaints

If you have a concern about how we have handled your personal information, or if you wish to make a privacy complaint, please contact us in the first instance. We will acknowledge your complaint within 7 days and aim to provide a decision within 30 days. We will notify you if a longer period is required.

Privacy Officer — Jackwell Finance

• Email: [email protected]
• Post: PO Box 68, Claremont WA 6910

If your complaint is not resolved to your satisfaction through our internal process, you may escalate to:

• Office of the Australian Information Commissioner (OAIC)
  Web: oaic.gov.au | Phone: 1300 363 992
• Australian Financial Complaints Authority (AFCA)
  Phone: 1800 931 678 | Email: [email protected]
  Post: GPO Box 3, Melbourne VIC 3001 | Web: afca.org.au

Changes to This Policy

We review this Privacy Policy regularly and update it to reflect changes in our services, applicable law, and best practice. The current version of this policy is indicated by the "Last Updated" date shown above.

We will publish any updated version of this policy on this website. You may also request a copy of this policy in an alternative format by contacting us at [email protected].

This Privacy Policy was last reviewed and updated in April 2026, reflecting changes introduced by the Privacy and Other Legislation Amendment Act 2024 (Cth) and the Privacy (Credit Reporting) Code 2024.