Privacy Policy

Published by MFAA

Who are we?

‘We’, ‘us’ and ‘our’ refer to the Mortgage & Finance Association of Australia Limited ACN 006 085 552 (MFAA) and all sub-brands and subsidiary entities associated with the MFAA.

The MFAA is a not-for-profit organisation limited by guarantee, and its primary purpose is to advance its members’ interests through leadership in advocacy, education and promotion.

Our commitment to protect your privacy

We understand how important it is to protect your personal information. This document sets out our privacy policy commitment in respect of personal information we hold about you and what we do with that information. The MFAA’s objective is to ensure compliance with the Privacy Act 1988. The Privacy Amendment (Enhancing Privacy Protection) Act 2012 made many significant changes to the Privacy Act. These changes commenced in March 2014. The Privacy Act now includes a set of 13 Australian Privacy Principles (APPs).

We recognise that any personal information we collect about you will only be used for the purposes we have collected it or as allowed under the law. It is important to us that you are confident that any personal information we hold about you will be treated in a way which ensures protection of your personal information.

This statement sets out our policy for dealing with your personal information. This privacy policy does not cover personal information collected or held by the MFAA about its employees.

What kinds of personal information does the MFAA collect?

When we refer to personal information we mean information or an opinion about an identified individual, or an individual who is reasonably identifiable (regardless of whether the information or opinion is true or not, or recorded in a material form or not).

The personal information we collect about you may also include sensitive information. Sensitive information includes information relating to your racial or ethnic origin, political persuasion, memberships in trade or professional associations or trade unions, sexual preferences, criminal record or health. We will only collect and hold sensitive information about you with your consent, and only if we consider it reasonably necessary for, or directly related to, one of our functions or activities.

The kinds of personal information we may collect about you include your name, date of birth, address, account details, occupation and any other information we may need to identify you.

For the purposes of obtaining or renewing Membership of the MFAA, the MFAA will need to collect personal information (including sensitive information) about you including but not limited to:

  • police records;
  • your credit history records;
  • photographic and other identification records;
  • educational qualification records;
  • insurance information; and
  • any other personal information that the MFAA Board reasonably determines is required from time to time.

Why we collect your personal information

We collect personal information so we can:

  • assess your membership application;
  • assess our business dealings with you;
  • provide a range of membership services;
  • manage your membership of the MFAA;
  • communicate with our members and other organisations and individuals with an interest in the mortgage and finance industry; and
  • identify, understand and respond to policies, ideas, attitudes and opinions of members to adequately represent them and the mortgage and finance industry.

To enable us to maintain a successful relationship with you, we may disclose your personal information to other organisations that provide products or services used or marketed by us.

How do we collect your personal information?

Where reasonable and practical we will collect your personal information directly from you. This may include data collection through your interactions with us in writing or via electronic media.

Our websites may also offer interactive facilities, including customer enquiry, comment and competition entry forms, where personal information may be collected. If you access these facilities using a social media account, this means that you authorise us to collect information about you from that social media profile.

Do we disclose your personal information?

We may disclose your personal information:

  • to other organisations that are involved in managing or administering our services such as third party suppliers, printing and postal services, call centres;
  • to associated businesses that may want to market products or services to you where the MFAA has authorised it;
  • to companies that provide information and infrastructure systems to us;
  • to our representatives, such as our legal advisers, MFAA Investigating Officer and the MFAA Tribunal;
  • limited to your name, business name and location on the MFAA’s website when you have been found by an MFAA Tribunal to have engaged in serious misconduct;
  • to anyone, where you have provided us consent; or
  • where we are required to do so by law, for example where ASIC or a government agency requests information that the MFAA holds about a Member.

We may also disclose personal information to other businesses in accordance with the MFAA Constitution, Code of Practice, or Disciplinary Rules. Visit the Member Governance section to view these documents.

The MFAA will disclose the membership status of your individual or business membership to lenders and aggregators and members of the public upon request. Lists of ceased and terminated members may be sent to members, aggregators and lenders. This information is limited to your member number, name, business name, status and expiry date of membership.

Prior to disclosing any of your personal information to another person or organisation, we will take all reasonable steps to satisfy ourselves that:

(a) the person or organisation has a commitment to protecting your personal information at least equal to our commitment, or
(b) you have consented to us making the disclosure.

Data storage

The MFAA may store your information using ‘cloud’ technology. The MFAA has taken reasonable steps to ensure that your personal information remains secure. This technology allows greater interaction so that you may access your details online in a protected environment.

Cloud computing is information technology infrastructure that hosts applications, software, computing platforms and/or data at offsite data centres. Data stored in this infrastructure is accessed via the internet, rather than being hosted on and accessed through a local computer’s hard drive or local dedicated server. The servers used in a cloud computing solution may be located in Australia or overseas, depending on the service provider.

Direct marketing

From time to time we may use your personal information to provide you with current information about finance, offers you may find of interest, changes to our organisation, new products or services being offered by us or any company with whom we are associated or relevant industry news deemed relevant to our Members. We may provide this information using any contact number or address provided, including without limitation by post, phone, email or SMS.


We will assume that you consent to receive direct marketing communications in the above ways if you do not opt out when we offer you the opportunity to do so. We will always provide an opt-out message in all forms of direct marketing in line with the APPs. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity. You may also opt-out of receiving direct marketing at any time by contacting our Member Centre on:

Phone: 718 455 0031
Email: ua.moc.aafm@pihsrebmem

The MFAA does not disclose personal information it has collected to organisations outside of the MFAA or its associated businesses for the purpose of direct marketing.

Despite any opt-out, the MFAA will contact you about membership renewal and data confirmation, member elections and under its statutory obligations.

Updating your personal information

It is important to us that the personal information we hold about you is accurate and up to date. During the course of our relationship with you we may ask you to inform us if any of your personal information has changed.

If you wish to make any changes to your personal information, you may contact us. We will generally rely on you to ensure the information we hold about you is accurate or complete.

Access and correction to your personal information

We will provide you with access to the personal information we hold about you. You may request access to any of the personal information we hold about you at any time.

Depending on the type of request that you make we may respond to your request immediately, otherwise we usually respond to you within seven days of receiving your request.

There may be situations where we are not required to provide you with access to your personal information, for example, if the information relates to existing or anticipated legal proceedings, or if your request is vexatious.

An explanation will be provided to you if we deny you access to the personal information we hold about you.

If any of the personal information we hold about you is incorrect, inaccurate or out of date you may request that we correct the information. If appropriate we will correct the personal information at the time of the request otherwise, we will provide an initial response to you within seven days of receiving your request. Where reasonable, and after our investigation, we will provide you with details about whether we have corrected the personal information within 30 days.

If we refuse to correct personal information we will provide you with our reasons for not correcting the information.

Using government identifiers

If we collect government identifiers, such as your tax file number, we do not use or disclose this information other than required by law. We will never use a government identifier in order to identify you.

Business without identifying you

In most circumstances, it will be necessary for us to identify you in order to successfully do business with you, however, where it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without providing us with personal information, for example, if you make general inquiries about membership, member activities and events or current promotional offers.

How safe and secure is your personal information that we hold?

We will take reasonable steps to protect your personal information by storing it in a secure environment. We may store your personal information in paper and electronic form. We will also take reasonable steps to protect any personal information from misuse, loss and unauthorised access, modification or disclosure.

Notifiable Data Breach Scheme

The MFAA collects personal information about its members. If the personal information that the MFAA holds about any person is compromised by a breach that the MFAA considers is ‘serious’, it will assess that breach as soon as it becomes aware and will fully comply with its obligations under Privacy legislation.


If you are dissatisfied with how we have dealt with your personal information, or if you have a complaint about our compliance with the Privacy Act, please contact MFAA Compliance at:

Phone: 0031509820
Email: ua.moc.aafm@ecnailpmoc

Mailing address:

GPO Box 144
Sydney NSW 2001

We will acknowledge your complaint within seven days. We will provide you with a decision on your complaint within 30 days.

If you are dissatisfied with the response of our complaints officer you may make a complaint to the Privacy Commissioner which can be contacted via the Office of the Australian Information Commissioner website ( or on 299 363 0031.

Further information

You may request further information about the way we manage your personal information by contacting us.

Change in our privacy policy

We are constantly reviewing all of our policies and attempt to keep up to date with market expectations. Technology is constantly changing, as is the law and market place practices.

As a consequence, we may change this privacy policy from time to time or as the need arises.

You may request this privacy policy in an alternative form.

This Privacy Policy was last updated in September 2021.