2024 Year end tax planning and financial reporting guide - unlocking tax and reporting insights for year end success > Download the full guide

Credit Reporting Policy

William Buck is a network of professional services firms with offices in Australia and New Zealand. In this Credit Reporting Policy, ‘William Buck’, ‘we’, ‘us’ and ‘our’ mean all firms carrying on business under the name of William Buck and includes all related bodies corporate and other associated entities.


William Buck respects and values privacy. The purpose of this policy is to clearly express how credit related personal information (which means credit information, credit reporting information, credit eligibility information and/or regulated information) (“Credit Information”) including the collection, holding, use and disclosure of such information, is managed.

This policy details our management of Credit Information about individuals. It does not apply to corporations.

We are bound by the Privacy Act 1988 (Cth) (“Privacy Act”) and the Privacy (‘Credit Reporting’) Code 2014 (Version 2.1) (‘CR code v2.1′)) to the extent applicable in relation to the Credit Information.  This Credit Reporting Policy is in addition to our Privacy Policy which applies to other personal information and should be read in conjunction with this policy.

Collection of Credit Information

Credit information is the information we may collect and give to a credit reporting body and take into consideration when you apply for or use credit.  This information includes:

  • Identity details, such as your name, address, contact numbers and email address;
  • The fact that you have applied for credit and the amount;
  • The fact that, as we provide terms of payment of accounts which are greater than 7 days, we are a credit provider to you;
  • Repayment history information, including details of credit you have applied for including but not limited to dates of credit contracts, due dates for repayments, repayment history and any related information;
  • In specified circumstances (as identified by the Privacy Act), default information (including payment information if you pay a defaulted amount previously listed with a credit reporting body);
  • Advice that payments are no longer overdue and the date on which overdue payments were made;
  • In specified circumstances (as identified by the Privacy Act), our opinion that you have committed a serious credit infringement;
  • The fact that credit provided to you has been paid or otherwise discharged (including the date of discharge);
  • Details pertaining to your financial position, including any bank account details or credit card details;
  • Other credit information related to your credit worthiness which is derived by us; and
  • Information derived from receiving credit reports about you (being ‘CP derived information’) and ‘credit eligibility information’ (as defined in the Privacy Act).

In this policy, we refer to ‘credit-related information’ to capture some or all information referred to above (as the context requires).

We will generally only obtain this information from you, or from someone representing or assisting you. However, if it is unreasonable to collect it from you directly, we may collect it from third parties with your consent. We may also collect credit-related information from credit reporting bodies or from other credit providers where permitted by the Privacy Act. If we collect details about you from someone else, we will, whenever reasonably possible, make you aware that we have done this and why, unless such information:

  • Is collected from publicly available sources, including but not limited to any court proceeding information, personal insolvency information or credit related publicly available information; or
  • Is collected as otherwise required or authorised by law.

To the extent necessary, you expressly consent to us obtaining credit-related information about you from the types of external parties listed above.

We use credit-related information to assist us in determining whether we will provide or continue to provide services to you on credit and to manage our relationship with you. If credit information is not collected by us, it may prevent us from engaging in certain activities with you and your business, including deferred payment arrangements.

Holding of Credit Information

We will take steps to hold personal information in a manner which is secure and protected from unauthorised access.  This may be held in either a physical form or in electronic form on our IT system. These security arrangements will include protection against modification, disclosure or misuse through the use of measures such as physical restrictions and password protection.

Our staff are trained with respect to the security of personal information and we will restrict access where necessary.

We will destroy or de-identify the personal information once it is no longer required.

Disclosure of Credit Information

Your Credit Information may be disclosed to parties that provide credit-related services to us such as debt collectors, credit management agencies, credit providers and our agents.

We may also disclose credit-related information about you to credit reporting bodies where you are in payment default. A payment default is defined in the CR code v2.1 as an amount greater than $150 and outstanding for more than 60 days. We will provide at least 14 days’ notice of our intention to disclose default information to a credit reporting body before making any such disclosure.

We do not disclose any credit-related information to any recipient located outside of Australia.

As noted in our Privacy Policy, we may utilise overseas service providers in relation to personal information (excluding Credit Information).  Please see our Privacy Policy for further details.

Access and Corrections

You may request access to any credit-related information that we hold about you by contacting our Privacy Officer.  If you request that we correct any credit-related information that we hold about you, we will endeavour to respond to that request within 21 days (or such longer period as you may agree) and correct any credit-related information that we hold about you that we are satisfied is inaccurate, out-of-date, incomplete, irrelevant or misleading.

If we correct credit-related information that we hold about you without you requesting it, we will take reasonable steps to notify that correction to you.

Changes to Credit Reporting Policy

Please be aware that this policy may be updated as and when required, for example, to take into account new laws, changes to our operations and practices, and changes in the business environment or technology. We may modify this Policy at any time, at our sole discretion and all modifications will be effective immediately upon our posting of the modifications on our websites. Please check back from time to time to review our Credit Reporting Policy.


If you believe an act or practice we have engaged in has breached the Privacy Act or the CR code v2.1, you can lodge a complaint free of charge by contacting our Privacy Officer.  We will endeavour to contact you to confirm receipt of your complaint within 7 days and will try to resolve the complaint within 30 days of receiving the request. Depending on the nature of the complaint, we may need to consult with third parties, including credit reporting bodies or other credit providers, to resolve the complaint.

If you are unhappy with our resolution of your complaint, or with the way in which it was handled, you may refer the matter to the Office of the Australian Information Commissioner (for more information, please see www.oaic.gov.au).


Credit eligibility information about an individual means:

  1. Credit reporting information about the individual that was disclosed to a credit provider by a credit reporting body; or
  2. Credit provider derived information about the individual.

Credit worthiness of an individual means the individual’s:

  1. Eligibility to be provided with consumer credit; or
  2. History in relation to consumer credit; or
  3. Capacity to repay an amount of credit that relates to consumer credit.

Credit reporting body means:

  1. An organisation; or
  2. An agency prescribed by the regulations;
  3. That carries on a credit reporting business.

Credit provider (CP) derived information is any personal information e.g. credit score (other than sensitive information) about the individual:

  1. That is derived from credit reporting information about the individual that was disclosed to a credit provider by a credit reporting body under the Privacy Act; and
  2. That has any bearing on the individual’s credit worthiness; and
  3. That is used, has been used or could be used in establishing the individual’s eligibility for consumer credit.

 Sensitive information is

  1. Information or an opinion about an individual’s:
    1. Racial or ethnic origin; or
    2. Political opinions; or
    3. Membership of a political association; or
    4. Religious beliefs or affiliations; or
    5. Philosophical beliefs; or
    6. Membership of a professional or trade association; or
    7. Membership of a trade union; or
    8. Sexual orientation or practices; or
    9. Criminal record;
      that is also personal information; or
  2. Health information about an individual; or
  3. Genetic information about an individual that is not otherwise health information; or
  4. Biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
  5. Biometric templates.

 Serious credit infringement

  1. An act done by an individual that involves fraudulently obtaining consumer credit or attempting fraudulently to obtain consumer credit;
  2. An act done by an individual that involves fraudulently evading the individual’s obligations in relation to consumer credit or attempting fraudulently to evade those obligations; or
  3. An act by an individual if:
    1. A reasonable person would consider that the act indicates an intention, on the part of the individual, to no longer comply with the individual’s obligations in relation to consumer credit provided by a credit provider;
    2. The credit provider has, after taking such steps as are reasonable in the circumstances, been unable to contact the individual about the act; and
    3. At least 6 months have passed since the credit provider last had contact with the individual.


Contact Details for each office

The Privacy Officer

William Buck (NSW) Pty Ltd

Level 29

66 Goulburn Street

Sydney NSW 2000

(02) 8263 4000



The Privacy Officer

William Buck (SA) Pty Ltd

Level 6

211 Victoria Square

Adelaide SA 5000

(08) 8409 4333


The Privacy Officer

William Buck (VIC) Pty Ltd

Level 20

181 William Street

Melbourne VIC 3000

(03) 9824 8555


The Privacy Officer

William Buck (QLD)

307 Queen Street

Brisbane QLD 4000

(07) 3229 5100


The Privacy Officer

William Buck (WA) Pty Ltd

Level 3

15 Labouchere Road

(Cnr Mill Point Road)

South Perth WA 6151

(08) 6436 2888


This Credit Reporting Policy was last updated on 14 May 2020.  It may be amended from time to time and will be published on our website.