Macquarie

The claims show adequate coverage of key transparency areas including clear descriptions of information collection, purposes, and contact details. However, critical elements like update notifications, version history, readability considerations, and language accessibility mechanisms are missing, limiting the comprehensiveness required for higher scores.

Comprehensive and specific purpose disclosures with clear enumeration of primary uses including financial services, research, and marketing. Strong coverage of secondary uses, consent requirements, and marketing opt-out mechanisms, though could benefit from more detail on new purpose consent procedures.

The claims provide basic privacy contact information and general staff training commitments, but lack specific details on policy review frequency, change notification processes, named privacy officers, or governance frameworks with timeframes that would demonstrate comprehensive accountability measures.

The claims demonstrate comprehensive and specific data collection disclosures with detailed enumeration of data types, clear collection sources, specific purposes, and good coverage of sensitive information handling. While some areas like legal basis could be more detailed, the disclosures exceed basic requirements with granular specificity.

The claims demonstrate strong specificity with named third parties (Equifax, Illion, Experian, TCS) including contact details, specific purposes for sharing (fraud prevention, credit assessment, regulatory compliance), and clear categories of recipients. The disclosure of offshore locations and onward sharing practices further enhances transparency, though some areas like contractual obligations on recipients could be more detailed.

The claims contain mostly generic security commitments without specific technical details. While they cover basic areas like staff training, cloud storage, and complaint processes, they lack specifics on encryption methods, certifications, or detailed breach notification procedures required for higher scores.

While some specific countries are named (Philippines, India) and basic safeguards are mentioned, the disclosures are largely generic with vague references to unspecified countries and non-specific security measures that don't detail adequacy mechanisms or binding contractual arrangements.

The policy provides basic contact mechanisms (email and website) for exercising access and correction rights, but lacks critical specificity including response timeframes, detailed correction processes, and proper OAIC complaint escalation pathway. The vague commitment to 'respond after review' without statutory timeframes significantly weakens the disclosure quality.

The policy provides adequate disclosure of various automated decision-making uses including AI/ML tools, credit scoring, fraud detection, and third-party assessments. However, it lacks specificity about the logic used, human review processes, and comprehensive opt-out rights beyond limited marketing contexts.

No relevant claims found in policy.

No specific findings.