Contact bg-terms-mob

HD&U Website privacy policy

This policy provides information as to the kind of personal information that we collect and the way we use it. In this Privacy Policy, the terms “we”, “us”, “our” or “HD&U” are references to HD&U Pty Ltd ACN 658 143 054 or any of its subsidiary and related/associated companies being a related body corporate or associate of HD&U Pty Ltd as those expressions are defined in the Corporations Act 2001 (Cth). HD&U is the company that operates the HD&U website, and we are a business operating as HD&U.

The term “you”, “your” and “user” refers to you, the user of the HD&U website.

At HD&U, we want you to use the website to gain the best working experience you can achieve, and we look forward to helping you to achieve this outcome.

We are committed to respecting your privacy and protecting your personal information. We are bound by privacy principles under the Privacy Act (1988) (Cth) which are applicable to private sector organisations, and other laws which govern the handling of personal information. We sometimes handle personal information relying on exemptions under these laws, for example in relation to employee records. Any permitted handling of personal information under such exemptions will take priority over this privacy policy to the extent of any inconsistency.


We may collect various types of information from you. Some of this information is personal information, some is non-personal. Most of the information that we might collect, relates to the way that you use the website, including your responses to surveys and questions where they exist.

We may collect personal information (being information about you from which your identity is apparent or can reasonably be determined) for purposes including:

  1. identifying you and protecting you against unlawful activity,
  2. arranging and/or providing financial products and services for you, including assessing development activities and programs,
  3. establishing, managing, administering, evaluating and improving our products or services including security and risk management, service development, research and planning,
  4. responding to your queries,
  5. subject to our legal obligations and your requests to opt-out, to provide you with promotional information about products and services by any means including telephone, email and other electronic messages; and
  6. other purposes not listed in this Privacy Policy. If we do, we will make it known to you at the time we collect, use or disclose your personal information.

We may not be able to do these things without your personal information. For example, we may not be able to provide you with the full scope of HD&U services or respond to your queries.

The types of personal information collected may include your name, address, postal or email details, financial details, credit-related personal information (see section 5 below) and other information that we may consider necessary.

Where reasonable and practicable to do so, we will generally collect your personal information directly from you. We may record your interactions with us, including through telephone conversations and emails (this includes the business applications in the HD&U app).


Depending on the circumstances, we may disclose your personal information to our agents and service providers including providers of technology and data processing services, or your or our legal advisers. We may also disclose personal information to other entities within the HD&U group of companies, for any of the purposes for which we may collect, use or disclose information that is set out in this policy. We need to do this to run and update the technology that we use to provide services to you.


To make a request to access or correct any personal information we hold about you, please contact us as set out below in section 9. We may need to verify your identity. Please provide as much detail as you can about the particular information you seek, in order to help us locate it.

We will provide our reasons if we deny any request for access to or correction of personal information. Where we decide not to make a requested correction to your personal information, and you disagree, you may ask us to make a note of your requested correction with the information.


We take care to protect your personal information and employ a range of technical and administrative procedures to protect such information from unauthorised disclosure or loss. We keep personal information in physical and electronic records, both at our own premises and, with the assistance of our service providers, in offsite backups.

If you are considering sending us any personal information through electronic means, please be aware that the information may be insecure in transit, particularly where no encryption is used (e.g. email, standard HTTP).


This section applies in relation to types of information that is classed as sensitive information under the Privacy Act. This information can include areas including religious beliefs, sexual preferences and medical information. Wherever possible, we prefer not to collect sensitive private information. We will give you the option to not share this kind of information, and we reserve the right not to collect it. You can ask to update and delete sensitive private information, and you should contact us to do that.


The Privacy Amendment (Notifiable Data Breaches) Act 2017 introduces the ‘mandatory data breach notification regime’. Under these laws, HD&U must notify any eligible data breach to the Office of the Australian Information Commissioner (“OAIC”) and the affected individuals as soon as practical. HD&U’s internal Privacy policy (Breach Management and Notification Plan) clearly outlines how we swiftly identify and effectively deal with a data breach.


In the event that any part of our business or its assets is ever sold, acquired, merged, liquidated, reorganised or otherwise transferred, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained therein to a third party acquiring the assets. While any transaction of this sort is being considered, we may also make limited relevant personal information available to prospective purchasers and legal and financial advisors and other relevant parties on a confidential basis.


We reserve the right to make changes to this policy. Such changes will be posted on this website and we will publish the effective date when the statement is updated. If you have bookmarked this policy (or the Website) you will need to ensure that the bookmarked version has been updated so that you are aware of the most recent version of this policy.

Last update: July 2022                      


If you have any questions, concerns or feedback about privacy, or would like to opt-out of direct marketing please contact our Privacy Officer as set out below:

Address: PO Box 411, Kew East, Victoria, Australia, 3102
Phone: +61 3 8737 9333

We take your privacy concerns seriously. Where you express any concerns that we have interfered with your privacy or conducted ourselves inconsistently with this Privacy, we will respond to let you know who will be handling your matter and when you can expect a further response. We aim to resolve your concerns in a fair and efficient manner within 30 days. If your concerns are not resolved to your satisfaction you may complain to the Office of the Australian Information Commissioner in writing as set out below:

Address: GPO Box 5218 Sydney NSW 2001
Fax: +61 2 9284 9666