Your Privacy Policy sets out how you will use, collect and disclose personal information provided to you by customers. There is also specific information you should include around collecting and using credit information that you collect when providing credit to your customers. All of this should be included in the Privacy Policy and attached to your Credit Terms and Conditions.

Understanding Personal Information

In your Privacy Policy, you should set out the type of personal information you will collect including customer’s personal details and other details, such as their financial and credit information. You should include in your Credit Terms and Conditions that you will collect, use and disclose information in accordance with your Privacy Policy. The type of information that you may collect in relation to credit will include:

  • that the customer has applied for credit with you and that you have supplied credit to the customer;
  • payment details;
  • dishonoured cheques;
  • if the customer has been involved in court proceedings; and
  • any other information that may affect the customer’s credit worthiness and their eligibility for credit.

You use of a personal information clause should set out how you will collect and use the personal information. For example, will you use it for record keeping, marketing and other purposes?

Disclosure of Personal Information Clause

You should also include in your disclosure of personal information clause that you may disclose personal information for purposes such as to third party services that assist you in your business. You should set out that you may disclose information specifically in relation to credit information to credit-reporting agencies, courts, tribunals and regulatory authorities where customers fail to pay for goods provided by you to them; 

  • including disclosing that the customer has applied for credit with you and that you have supplied credit to the customer,
  • payment details including when payments are more than 60 days overdue and where you have commenced debt collection actions to retrieve payments from customers;
  • evidence of dishonoured cheques; and
  • if the customer has been involved in court proceedings relating to non-payment of goods and/or services and any other information that may affect their credit worthiness and their eligibility for credit.

For more details about your full obligations, go here.

Your Privacy Policy should also address the customer’s rights in relation to controlling their personal information, their ability to choose and consent as to what personal information can be used, how the customer can restrict how their personal information is used, how the customer can access their information, how they can have their personal information corrected, how they can lodge a complaint and unsubscribe from receiving information from you. If you have a website through which you collect personal information you should also have a storage and security clause, cookies clause and a clause that covers links to other websites.


As a supplier, it is important to have a Privacy Policy that addresses the collection of personal information including credit information and details of the type of information you will be collecting and disclosing. If you’re in need of legal advice in regards to drafting a Privacy Policy which addresses credit information or Credit Terms and Conditions, contact LegalVision on 1300 544 755 and speak with one of our experienced privacy law experts.

Edith Moss
If you would like further information on any of the topics mentioned in this article, please get in touch using the form on this page.

Would you like to get in touch with Edith about this topic, or ask us any other question? Please fill out the form below to send Edith a message!