CoreLogic Privacy Policy

This Privacy Policy applies to:

This Privacy Policy has been developed in compliance with:

In this Privacy Policy:

CoreLogic maintains a policy of strict confidence concerning your (you, your) personal information (Privacy Policy).  This Privacy Policy applies to the collection, storage, use and disclosure of your personal information by us.  By accessing the following Websites and platforms (Websites), you accept the terms of this Privacy Policy:

This Privacy Policy applies to information provided to us whether via these Websites, in connection with the product or services we offer, or by any other means and demonstrates our policies, procedures and practices for compliance with the Privacy Principles under the Privacy Act.

This Privacy Policy applies in respect of information provided to us by persons under the age of 18 years however, those persons must obtain the consent of a parent or guardian prior to using the Site and the parent or guardian will be responsible for appropriately supervising the person’s use of the Site.

If you have any further questions or if you wish to receive more information on our information practices and Privacy Policy, please contact our Privacy Officer by email:

1. Types of personal information we collect

General Purpose of Collection

All personal information that we or our related bodies corporate collect, is reasonably necessary for the purposes relating to providing our products and services.

We will not collect personal information unless the information is reasonably necessary for or directly related to one, or more of our functions or activities.  If we are unable to collect personal information we reasonably require, we may not be able to do business with you or the organisation with which you are connected.

We predominantly collect information about real property.  Whilst much of this information is not personal information, some of the information we collect, on its own or when matched with other information, may be personal information about you.

Property Data and Analytics Services

The types of information we collect in respect of our Property Data and Analytics Services include:

Platform and Risk Management Services

The types of personal information we collect in respect of our Platform and Risk Management Services include:

Marketing Direct Product

The types of personal information we collect in respect of our Marketing Direct Product include:

Non-personal Information - Property Data and Information

We also collect data about your property which is not personal information at the time we collect it.  For example:

2. How we collect personal information

We may collect personal information about you from a combination of sources including directly from you, from third parties or from publicly available sources.

Direct Collection

If it is reasonable and practical to do so, we will collect personal information directly from you. This will include contact details and other information relevant to providing services to you. This may take place in a number of ways, such as:

We may also collect personal information from third parties such as your representatives and/or publicly available sources of information.

Public Sources

The majority of the information we collect about you or the properties you own will be from public records, which we licence from the relevant government departments and agencies.  Third parties from whom we source publicly available information include:

Third Party Suppliers

Third parties from whom we source other information include:

Collection on Behalf of Others

We collect information on our own behalf and on behalf of others.  Where we collect information on behalf of others, we require that they comply with the Privacy Act and Privacy Principles.

Unsolicited Information

If someone other than you provides us with personal information about you that we did not ask for and we determine that we could have collected this information from you had we asked for it, we will notify you as soon as practicable.  This notice will be given unless to do so would be in breach of an obligation of confidence.  If we could not have collected this personal information, we will lawfully de identify or destroy that personal information.

Sensitive Information

We will not collect any sensitive information from you, revealing your: race, ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships or details of health or disability.

3. Use and disclosure of personal information

Use

We may use personal information about you for the primary purpose of providing our services, and for which you would reasonably expect us to use that information, including sending you information about new developments, products, services and special offers by post, telephone or any form of electronic communication. We may use any email address or other personal information you provide to us at any time for this purpose.

We may also use or disclose information about you:

Disclosure

We will not disclose information that personally identifies you to any third party other than as set out in this Privacy Policy. In order to deliver the services that we provide, we may disclose your personal information to other organisations, only in relation to providing our services to you. We take reasonable steps to ensure that these organisations are bound by privacy obligations in relation to the protection of your personal information.

We may share with third-parties information that is not associated with your name or identity, such as Website usage information, non-personally identifiable demographic information, information about properties and aggregate user statistics in accordance with applicable law.

We may provide certain information about you including your personal information to our related bodies corporate.

Unauthorised access use or disclosure

In the event of a security incident involving unauthorised access, use or disclosure of personal information where a third party with whom we share personal information is involved, we will seek to work cooperatively with them to protect the personal information we have shared with them.

Property Data and Analytics Services

For our Property Data and Analytics Services, we collect personal information for the purposes of:

In order to achieve the above purposes, we may use or disclose your personal information to:

In addition to the above, when you sign up for a services (such as Property Value), we may obtain your consent to provide you with news and information, as well as promote and market products, services and special offers made available by us, our related companies and third parties (unless you ask us not to).  We will only ever direct market to you where we have collected the information directly from you or where you have consented to receiving direct marketing communications.

Where we collect information from publicly available sources, such as the valuer general office in each State and Territory, our use of this information must be in accordance with the rules set down by the relevant information provider. These rules are contained in the terms of consumer contracts (see, for example our Australian General Terms located here https://www.corelogic.com.au/legals/terms-conditions and our NZ General Terms located here: https://www.corelogic.co.nz/legals/product-terms-and-conditions (General Terms)).

The information provider’s rules may be amended from time to time and therefore so too will the terms of General Terms.

We may also use or disclose information about you where we have obtained your consent, where we have obtained the information from another party (including the valuer generals department of your state government, LINZ or Territorial Authorities in New Zealand) for a specified purpose, or as required by relevant laws, statutes, regulations, codes and external payment systems.

Platform and Risk Management Services

For Platform and Risk Management Services, we collect your personal information for the primary purposes of assisting mortgage originators (including their brokers) to:

We may use your personal information to perform risk analytics and provide a report back to the mortgage originator.

The personal information provided to us by mortgage originators will only be disclosed to the third party service providers for the purpose of enabling them to provide the services requested.  Similarly, any report provided to us by the third party service providers will only be disclosed to the mortgage originators who requested the service.

The personal information collected for the purposes of providing Platform and Risk Management Services is not used or disclosed for any other purpose.

4. Direct marketing

Direct Marketing by CoreLogic

We may use personal information we have collected about you for the primary purpose of providing our services, and for other purposes for which you would reasonably expect us to use that information. This includes sending you information about new developments, products, services and special offers by post, telephone or any form of electronic communication. You authorise us to use any email address or other contact information you provide to us at any time for this purpose.

Where we have obtained your consent, we may also send marketing messages on behalf of our third party commercial partners.

Opt Out

You can opt out of receiving marketing material from us at any time by contacting us by email:

You agree and acknowledge that even if you opt out of receiving marketing material from us, we will still send you essential information that we are legally required to send you relating to the services we provide. Once you opt out of receiving marketing material from us, you agree and acknowledge that this removal from our distribution lists may take several business days after the date of you request to be removed.

Marketing Direct – Direct marketing by third parties

We collect your personal information from third party marketing database providers for the purposes of providing the Marketing Direct product to our subscribers.  The Marketing Direct database is not validated against any other personal information we collect for other purposes.

We also collect publicly available non-personal information about properties, such as number of bathrooms, bed-rooms and listing information and other modelled inferences about properties.  This information may be supplied to third parties for their use in direct marketing campaigns, including through combining with contact details contained in Marketing Direct.

We obtain contractual warranties from the database providers that the personal information they collect complies with the Privacy Act

Your personal information may be disclosed to our subscribers for the purposes of direct marketing their products and services to you.  Our terms and conditions with our subscribers require that they comply with the Privacy Act in all direct marketing communications with you.

If you wish to be removed from our Marketing Direct database, please contact our Privacy Officer by email at:

Cordell Sum Sure Lead Gen Product/Cordell Sum Sure Direct to Consumer Services– Direct marketing by third parties (Australia and New Zealand)

For our Cordell Sum Sure Lead Gen Product and Cordell Sum Sure Direct to Consumer Services, we collect your personal information via our Cordell Sum Sure Direct to Consumer Services for the purposes of:

Your personal information and the Sum Sure Output may be disclosed to our Commercial Partners for the purposes of them direct marketing their products and services to you. Our terms and conditions with our Commercial Partners require that they comply with the Privacy Act in all direct marketing communications with you.

The types of personal information we collect in respect of the Cordell Sum Sure Lead Gen Product via our Cordell Sum Sure Direct to Consumer Services include:

If you wish to be removed from our Cordell Sum Sure Lead Gen database, please contact our Privacy Officer by email at:

Commercial Partners means insurance companies, insurance brokers, and other providers in or to the insurance industry who have a contractual relationship with CoreLogic from to time.

Cordell Sum Sure Direct to Consumer Services means the services available at, and provided by CoreLogic via, the following websites: www.sumsure.cordell.com.au and www.sumsure.co.nz.

Information not used for Direct Marketing

Where we collect information from Government sources such as the Valuers General Office in each State and Territory in Australia; or LINZ, Southland DC or Christchurch Council in New Zealand (Government Data Sources), we do not use this information (or allow or customers and subscriber to use this information) for direct marketing purposes.

When we licence personal information which has been obtained from Government Data Sources to our customers and subscribers as part of a Property Data and Analytics Service offered by us, we require them:

5. Third Parties and your information

We will only collect, store, use or disclose personal information as set out in this Privacy Policy unless we are required by law to use that information to protect our rights or property (or those of any third party), or to avoid injury to any person.

Although the Site may link directly to Websites operated by third parties (Linked Websites), you acknowledge that Linked Websites are not operated by us.  We encourage you to always read the applicable privacy Policy of any Linked Site on entering the Linked Site.  We are not responsible for the content or practices of the Linked Websites nor their privacy policies regarding the collection, storage, use and disclosure of your personal information.

6. Disclosure of Information Overseas

For CoreLogic’s Australian businesses, we store and retain your personal information in Australia.

For CoreLogic’s New Zealand businesses, we store and retain your personal information in New Zealand and Australia.

However, people located overseas may be able to access your personal information in order to provide data entry and development services to us in the provision of our Products and Services.  In the vast majority of these cases access is strictly limited, and under the supervision and control of our Australian based product team. Such access will only be under secure protocols (see below for further information on Storage and Security).  Our overseas services providers are located in:

Some of our products and services accessible via our web services portals may be accessed by customers located overseas.

Whenever your personal information is disclosed to, or accessed by, a person located overseas, this will only occur where:

By providing us with your personal information you consent to disclosure as set out in this Privacy Policy.

7. Your consent

By using the Websites, you consent to the collection, storage, use and disclosure of your personal information in accordance with this Privacy Policy and as otherwise permitted under the Privacy Act.

Where you provide information directly to us, you consent to use and disclosure of that information in accordance with this Privacy Policy.

8. Cookies

When you visit the Site the server may attach a "cookie" to your computer's memory.  A “cookie” assists us to store information on how visitors to the Website use it and the pages that may be of most interest.  This information may be used by CoreLogic (including by or on behalf of our third party commercial partners) to provide users of your computer with information that we think may interest the users of your computer.

Cookies also allow us to provide you with more personalised service.  We use cookies to:

However, this information is not linked to any personal information you may provide to the Websites and cannot be used to identify you.

Analytics

We may use third party analytics service providers, including but not limited to Google Analytics, to evaluate and provide us with information about the use of the Website. Your IP address and other information will be collected by automated means to report on your use of the services. These third-parties use cookies, web beacons, pixels, embedded scripts and other, similar technologies to automatically collect information about your Website use, report Website trends, and help us compile Website metrics.  You can learn about Google’s specific practices by going to www.google.com/policies/privacy/partners/.  For more information about how Google Analytics uses your information please click here.

Opting out from Cookies and analytics

You may withdraw or change your cookies consent at any time by modifying your browser settings to accept or decline cookies. You may also go to www.allaboutcookies.org or www.youronlinechoices.eu if you are in Europe, or to www.aboutads.info/choices if you are anywhere else for instructions on how to disable cookies.

If you choose to configure your computer so that it disables cookies or does not accept them, you may not be able to make full use of our Websites.

You may opt-out from Google Analytics here or by downloading the Google Analytics opt-out browser add-on, available at: https://tools.google.com/dlpage/gaoptout.  In some instances, when you opt-out, a new cookie (Opt-Out-Cookie) is placed in your web browser. This tells the third party provider to cease data collection from your browser and prevents advertisements from being delivered to you.

9. Storage and security

We will use all reasonable endeavours to keep your personal information in a secure environment, however, this security cannot be guaranteed.  Your use of our Websites and the electronic storage of your personal information is secured by practices and procedures which we consider are consistent with Australian and New Zealand industry standards.  All orders placed online using a credit card are covered by SSL security technology to protect customer details.  These security measures are designed to ensure your personal information is not subject to unauthorised access, loss or misuse.  If you reasonably believe that there has been unauthorised use or disclosure of your personal information, please contact us (see Contact Us below).

If we no longer need your personal information, unless we are required under Australian or New Zealand law or a court or tribunal order to retain it, we will take reasonable steps to destroy or de-identify your personal information, in accordance with our document and information retention policy.

Notwithstanding the reasonable steps taken to keep information secure, breaches may occur.  In the event of a security incident we have in place procedures to promptly investigate the incident and determine if there has been a data breach involving personal information, and if so, to assess if it is a breach that would require notification.  If it is, we will notify affected parties in accordance with Privacy Act requirements.

10. Variation and consent to variation

We may vary the terms of this Privacy Policy at any time.  You should check this Privacy Policy regularly so that you are aware of any variations made to this Privacy Policy.  You will be deemed to have consented to such variations by your continued use of the Site following such changes being made.

11. Accuracy of your information

We take all reasonable steps to ensure that your personal information held by us is accurate, up-to-date, complete, relevant and not misleading.  If you believe that any of your personal information is not accurate, up-to-date, complete, relevant and not misleading, please contact us (see Contact Us below) and we will take all reasonable steps to correct it within a reasonable time.

12. Access to information we hold about you

You may request to access the personal information we hold about you.  We will endeavour to respond to any such request within a reasonable period of time and as required under the Privacy Act and, where reasonable and practicable, give access to the information in the manner you request.  This will be subject to any exemptions allowed under the Privacy Act. You may request this information by writing to the Privacy Officer (see Contact Us below).

We may charge a reasonable fee for providing that information.

13. Complaints or Disputes

If you have a complaint about our treatment of your personal information, please contact our Privacy Officer (see Contact Us below).  Our Privacy Officer will consider and if, in our reasonable opinion, necessary, investigate your complaint and endeavour to respond to you within a reasonable period of time.

If we do not adequately answer your concerns, you have the right to make a complaint as follows:

14. Contact Us

If you have any questions relating to this Privacy Policy or your personal information, please contact our Privacy Officer in your jurisdiction as follows:

Australia

New Zealand

email

privacy@corelogic.com.au

privacy@corelogic.co.nz

Mailing address

CoreLogic Asia Pacific
Level 6a, 388 George Street
Sydney NSW 2000
Australia

CoreLogic NZ Limited
Level 5, 41 Shortland Street,
Auckland 1010
New Zealand

Telephone

1300 734 318

+64 (4) 915 6000

When contacting us or using our products and services, you have the option to either not identify yourself or to use a pseudonym.  However, this will not apply if it is impracticable for us to communicate with you that way.  We are required to verify your identity if you wish to exercise any of your rights in relation to your personal information held by us.

15. Annex - Processing of Personal Data (Residents of the EEA, Switzerland and UK)

CoreLogic provides additional information to its EEA, Switzerland and UK based users to comply with data protection laws.

What is personal data?

“Personal data” is information about you (a “data subject”) the use of which is governed by applicable data protection laws. It will include any information from which you can be identified, directly or indirectly, in particular by reference to an identifier such as your name, an identification number, location data, an online identifier or other information about your identity. Most information collected about you on the Website will constitute personal data.

Who is responsible for your personal data?

If you use our Website, the data controller is CoreLogic Solutions Limited, 1st floor, 39 Houndsditch, London EC3A 7DB. CoreLogic Solutions Limited is registered as a data controller with the Information Commissioner’s Office in the UK (registration number Z6322218).

What is the legal basis for processing your personal data?

On some occasions, we process your personal data with your consent, for example, when you agree to receive our newsletter or to deal with your enquiries.

On other occasions, we process your personal data when we need to do this in order to fulfil a contract with you, such as granting you access to our online services.

We also process your personal data when it is in our legitimate interests to do this and when these interests are not overridden by your data protection rights. For example, we may process your personal data in our legitimate interests to ensure that our Website and services are provided efficiently and in an user-friendly and personalised manner taking into account user feedback, data and profiles, unless consent is required for any such processing under applicable law. We will process personal data to ensure the security of our business and the information of our users, and to ensure the proper and efficient administration of our business. You may contact us for further information.

Finally, we will process your personal data where we are required to do this by law. For example, where we have to fulfil anti-money laundering requirements or disclose information under a court order.

Data transfers

Personal data that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the personal data in accordance with this Privacy Policy.

Personal data which you provide may be transferred to our group companies, commercial partners, suppliers or agents located outside your country as set out above. We will ensure adequate protection of personal data transferred outside of your country as required under applicable laws. For example, if you are located in the EEA, Swiss or in the UK, we may enter into model clauses with the recipient. You may contact us for a copy of the safeguards which we have put in place to protect your personal data in these circumstances.

In addition, personal data that you submit for publication on the Website will be published on the internet and may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.

How long does CoreLogic keep personal data?

CoreLogic keeps your personal data for only as long as required to provide you with the necessary Website content and services and to carry out the processing set out in this Privacy Notice, and in line with its obligation under applicable law. This means that we will generally not keep your personal data for longer than six years following your last interaction with us, and the actual retention period will often be shorter. You may contact us for further information.

Your rights

Data subjects may ask us for a copy of their personal data, to correct it, erase it or to transfer it to other organisations at their request. Data subjects also have rights to object to some processing including profiling and, where we have asked for their consent to process the data subject’s personal data, to withdraw this consent. In particular, data subjects have the right to object to direct marketing at any time. Where a data subject withdraws their consent, this will not affect the legitimacy of the processing conducted prior to your request.  Where we process personal data because we have a legitimate interest in doing so (as explained above), the data subject has a right to object to this. Where we make a decision based solely on automated processing which significantly affects the data subject, he or she may have the right to contest the decision, express his or her point of view and obtain human intervention.

These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your personal data.

Please use the contact information set out in our Contacting Us section above. We will aim to acknowledge your enquiries within 72 hours and respond within one month, unless otherwise required by law.

We hope that we can satisfy queries you may have about the way we process your personal data. However, if you have unresolved concerns you also have the right to complain to your local data protection authority.

16. General

This Privacy Policy is effective as at 02 December 2022.

CoreLogic may vary this Privacy Policy from time to time.  CoreLogic will notify you of these changes by publishing them on our Websites.  The current version of this Privacy Policy is located at:

CoreLogic® is a registered trademark of CoreLogic Solutions, LLC and used under licence by RP Data Pty Ltd.