Privacy Policy

Last updated: 20 March 2026

1. About This Privacy Policy

In this Privacy Policy, “us”, “we”, “our” or “Lagos Financial” means Lagos Financial Pty Ltd (ABN 39 660 364 170, ACN 660 364 170), holder of Australian Credit Licence No. 546774 (AFCA Member No. 98399), and includes its corporate credit representative Lagos Financial Servicing Pty Ltd (ABN 13 694 632 383, ACN 694 632 383, Credit Representative Number 576488, AFCA Member No. 120631).

Lagos Financial Servicing Pty Ltd is authorised to provide credit assistance on behalf of Lagos Financial Pty Ltd under its Australian Credit Licence. References to “Lagos Financial” in this Privacy Policy include both entities unless the context requires otherwise.

This Privacy Policy sets out our commitment to protecting the privacy of your personal information provided to us, or otherwise collected, used, stored, handled or disclosed by us when you use our website (lagosfinancial.com.au), our services, or otherwise interact with us, in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) as amended by the Privacy and Other Legislation Amendment Act 2024.

By using our website or services, or providing personal information to us, you acknowledge that we will collect, use, store, handle and disclose your personal information in accordance with this Privacy Policy. We may update this Privacy Policy from time to time by publishing changes on our website. We encourage you to check this page periodically.

“Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether recorded in a material form or not. This includes, for example, your name, contact details, financial information, and credit-related information.

2. What Personal Information We Collect

We collect personal information that is reasonably necessary to provide our credit assistance and financial services. The types of personal information we may collect include:

  • Identity information: name, date of birth, gender, government-issued identification documents (e.g. driver’s licence, passport, Medicare card).
  • Contact information: mailing or street address, email address, telephone number.
  • Financial information: income details, employment information, bank statements, existing debts and liabilities, assets, expenses, tax file number (where required by law), superannuation details.
  • Credit information: credit history, credit score, details of credit accounts, repayment history, credit applications.
  • Sensitive information: health information (where relevant to insurance or lending decisions), and only where you have provided consent or as required by law.
  • Technical information: IP address, browser type and version, device type, operating system, time zone setting, cookie data, pages visited, session duration, referral source.
  • Communication records: records of your correspondence with us (emails, phone calls, chat messages, form submissions, booking details).
  • Third-party data: information we receive from lenders, credit reporting bodies, or other third parties in connection with your credit application.

Sensitive Information

Under the Privacy Act 1988, “sensitive information” includes information about an individual’s race, ethnic origin, political opinions, religious beliefs, health, genetics, biometrics, and criminal record. We will only collect sensitive information where it is reasonably necessary for our functions (for example, health information relevant to a loan or insurance application), with your consent, or where required or authorised by law.

3. How We Collect Personal Information

We collect personal information in the following ways:

  • Directly from you: when you submit a loan enquiry or application, complete a form on our website, communicate with us by phone, email, or chat, book an appointment, or provide documents in support of a credit application.
  • From third parties: from lenders, credit reporting bodies (e.g. Equifax, Illion, Experian), real estate agents, accountants, solicitors, or other referral partners who introduce you to us.
  • Through our website and technology: automatically through cookies, tracking pixels, analytics tools, and embedded third-party services when you visit our website (see Section 8 below).
  • Through our CRM platform: information collected and stored in our customer relationship management system (see Section 7 below for details about Evolve Broker / EBCRM, powered by Effi).

4. How We Use Your Personal Information

We use your personal information for the following purposes:

  • To provide you with credit assistance services, including assessing your borrowing capacity and identifying suitable loan products.
  • To submit loan applications to lenders on your behalf and facilitate the settlement process.
  • To verify your identity, financial position, and creditworthiness as required under responsible lending obligations (National Consumer Credit Protection Act 2009).
  • To communicate with you about your loan application, provide updates, reminders, and respond to your enquiries.
  • To comply with our legal and regulatory obligations, including reporting to ASIC, AFCA, and credit reporting bodies.
  • To manage our internal business operations, including record-keeping, auditing, training, and quality assurance.
  • To send you marketing and promotional information about our services or those of our partners that may be of interest to you (with your consent, and subject to your right to opt out at any time).
  • To analyse and improve our website, services, and user experience through analytics and research.
  • To manage complaints and disputes.

5. Who We Disclose Your Personal Information To

We may disclose your personal information to the following categories of recipients:

  • Lenders and credit providers: to assess and process your loan application.
  • Credit reporting bodies: including Equifax, Illion, and Experian, for credit checks and reporting.
  • Mortgage insurers: where lenders’ mortgage insurance is required.
  • Valuers: to conduct property valuations.
  • Our CRM and technology providers: including Evolve Broker Pty Ltd (EBCRM, powered by Effi), which processes data on our behalf (see Section 7).
  • Aggregator / licensee: where relevant to our licence obligations.
  • Professional advisors: including solicitors, accountants, auditors, and compliance consultants.
  • Government and regulatory bodies: including ASIC, the OAIC, AUSTRAC, and AFCA, where required by law.
  • Referral partners: real estate agents, accountants, financial planners, or other professionals who referred you to us.
  • Referred service providers: third-party professionals to whom we may refer you, such as buyers’ agents, conveyancers, financial planners, insurance brokers, and accountants. We may share limited personal information (such as your name and contact details) with these providers to facilitate the referral, and only with your knowledge.
  • Third-party service providers: who assist us in operating our website and delivering services (see Sections 7 and 8 for full details).
  • Outsourced compliance and audit providers: including QED Risk Services, which may access your file information when conducting compliance audits on behalf of our licensee (see Section 9 for overseas disclosure).
  • Courts, tribunals, and law enforcement: where required or authorised by law.

We will not sell your personal information to any third party.

Referral Arrangements

From time to time, we may refer you to third-party service providers whose services we believe may benefit you in connection with your property or finance goals. These may include, but are not limited to, buyers’ agents, conveyancers, financial planners, insurance brokers, and accountants.

Where we make such a referral, the third-party provider may pay us a referral fee or commission for the introduction. This fee is not payable by you. We will only share the personal information necessary to facilitate the referral (typically your name and contact details), and the referred provider will be subject to their own privacy obligations under the Privacy Act 1988.

You are under no obligation to use any referred service provider. Full details of referral commissions are disclosed in our Credit Guide, which is provided to you before we provide credit assistance.

6. Financial Services Data Handling

As the holder of Australian Credit Licence No. 546774, we handle sensitive financial data in the course of providing credit assistance. Credit assistance may be provided directly by Lagos Financial Pty Ltd or through its corporate credit representative, Lagos Financial Servicing Pty Ltd (CRN 576488). This section explains how we manage this data.

6.1 Credit Applications

When you apply for a loan through us, we collect comprehensive financial information including income, expenses, assets, liabilities, and supporting documentation. Loan applications are submitted through SalesTrekker (wef.salestrekker.com), a secure loan processing platform used by mortgage brokers. SalesTrekker processes your full financial details and identification documents in connection with your application.

6.2 Responsible Lending

Under the National Consumer Credit Protection Act 2009 (NCCP Act), we are required to make reasonable inquiries about your financial situation and verify the information you provide before suggesting a credit product. We retain records of these inquiries and assessments. You may request a copy of the preliminary credit assessment we prepared for you for up to 7 years after we provided credit assistance.

6.3 Retention of Financial Records

We retain financial records and loan application documentation for a minimum of 7 years from the date of the last interaction, in accordance with NCCP Act requirements and tax law obligations. After this period, records are securely destroyed or de-identified.

6.4 AFCA Membership

Both Lagos Financial Pty Ltd and Lagos Financial Servicing Pty Ltd are members of the Australian Financial Complaints Authority (AFCA). If you have a complaint about how we have handled your personal information in the context of financial services, you can contact AFCA:

  • Lagos Financial Pty Ltd — AFCA Member No. 98399
  • Lagos Financial Servicing Pty Ltd — AFCA Member No. 120631
  • Online: www.afca.org.au
  • Phone: 1800 931 678
  • Email: info@afca.org.au
  • Mail: GPO Box 3, Melbourne VIC 3001

7. Third-Party Service Providers

We use a range of third-party services to operate our business and website. These services may collect, process, or store personal information on our behalf. Below is a comprehensive disclosure of all third-party services and the data they access.

7.1 CRM Platform — Evolve Broker / EBCRM (Powered by Effi)

Our customer relationship management (CRM) system is EBCRM, provided by Evolve Broker Pty Ltd (ACN 681 110 832) and powered by Effi Technologies (effi.com.au), an Australian-built, SOC 2 compliant CRM platform for mortgage brokers. This system manages client communications, bookings, fact-finding, document collection, workflow automation, and back-book monitoring.

Effi’s platform incorporates artificial intelligence features including AI-powered SMS, voice agents, and document management. Evolve Broker’s services additionally use AI sub-processors including OpenAI, Google Gemini, and other LLM providers. Data processed through EBCRM may be transferred to the United States where these cloud and AI services are hosted. For details, see Evolve Broker’s Privacy Policy at evolvebroker.ai/privacy-policy/.

7.2 Loan Processing — SalesTrekker

Loan applications are submitted and managed through SalesTrekker (wef.salestrekker.com). SalesTrekker processes your full financial details, identification documents, and credit information in connection with your loan application.

7.3 Loan Comparison — LoanOptions Widget

Our website features a LoanOptions comparison widget that allows you to explore indicative loan options. If you enter information into this widget (e.g. loan amount, income), that information is transmitted to LoanOptions.

7.4 Website Hosting & Security

  • Bluehost / Newfold Digital: Our website is hosted by Bluehost (Newfold Digital). All server-side data, databases, and emails are stored on Bluehost infrastructure.
  • Cloudflare: Our website uses Cloudflare for content delivery, performance optimisation, and security. Cloudflare processes IP addresses, TLS data, and request metadata.
  • WordPress.com: Our website runs on WordPress, which sets standard cookies for site functionality.

7.5 Contact & Communication

  • Contact Form 7: Contact forms on our website are powered by Contact Form 7. Information you submit (name, email, phone, message) is transmitted to our email and CRM.
  • Effi / EBCRM widgets: Chat widgets, booking forms, and lead capture forms on our website are powered by our CRM platform (Effi / Evolve Broker). These collect your name, email, phone number, booking details, and chat messages.

7.6 Reviews & Testimonials

  • TrustIndex: We use TrustIndex (cdn.trustindex.io) to display customer reviews. TrustIndex may set cookies on your device.

7.7 Embedded Content

  • Google Maps: We embed Google Maps iframes to display our office locations. Google may collect your IP address and location data through these embeds.
  • YouTube: We embed YouTube videos on our website. YouTube (Google) may collect viewing behaviour data and set cookies through these embeds.
  • Google Fonts: Our website loads fonts from Google Fonts servers, which transmits your IP address to Google.

8. Cookies, Tracking Pixels & Analytics

Our website uses cookies, tracking pixels, and analytics tools to understand how visitors use our site, to measure advertising effectiveness, and to improve our services. In accordance with the OAIC’s November 2024 guidance on tracking pixels and privacy obligations, we disclose the following:

8.1 Google Analytics (via Google Tag Manager)

We use Google Analytics to analyse website traffic and user behaviour. Google Analytics collects: IP address, device information, pages visited, session duration, referral source, and demographic data. This data is processed by Google and may be transferred to the United States. You can opt out by installing the Google Analytics Opt-out Browser Add-on.

8.2 Facebook Pixel (Meta)

We use the Facebook Pixel (ID: 783858389886006) for ad tracking, conversion measurement, and remarketing. The Facebook Pixel collects: pages visited, actions taken on our site, device information, and potentially hashed email addresses. This data is transmitted to Meta Platforms, Inc. in the United States. You can manage your ad preferences through Facebook’s Ad Settings.

8.3 Hotjar

We use Hotjar for session recording, heatmaps, and user behaviour analysis. Hotjar may collect: mouse movements, clicks, scroll behaviour, form interactions (excluding sensitive fields), and device information. Hotjar does not collect personally identifiable information by default, but interaction data is processed on Hotjar’s servers. You can opt out via Hotjar’s Do Not Track page.

8.4 WordPress & Plugin Cookies

WordPress and its plugins (including SEOPress and WPCode) may set functional cookies necessary for site operation, such as session management and user preferences.

8.5 Managing Cookies

You can control or delete cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a cookie is set. Please note that disabling cookies may affect the functionality of our website. We recommend using our cookie consent banner to manage your preferences for non-essential cookies.

9. Overseas Disclosure of Personal Information

Some of the third-party services we use are operated by organisations located outside Australia. By providing personal information to us, you acknowledge that your information may be disclosed to recipients in the following countries:

  • United States: Google (Analytics, Maps, Fonts, YouTube, Tag Manager), Meta/Facebook (Pixel), Hotjar, Cloudflare, OpenAI, and other cloud/AI providers used by Evolve Broker.
  • India: Our outsourced compliance and audit service provider, QED Risk Services, may disclose your personal information to its audit team in India when conducting compliance reviews on behalf of our licensee. This is done to ensure we are meeting our obligations under the National Consumer Credit Protection Act 2009. We have full legal recourse against that overseas service provider as if they were domiciled in Australia, as required by the Privacy Act 1988 (APP 8.1).
  • Other countries: Where our service providers or their sub-processors operate data centres or employ staff.

We take reasonable steps to ensure that overseas recipients handle your personal information in a manner consistent with the Australian Privacy Principles. Where we disclose personal information to Evolve Broker, their privacy policy outlines the specific AI sub-processors and overseas data transfers involved.

10. Automated Decision-Making & AI

Our CRM platform (EBCRM, powered by Effi and provided by Evolve Broker) includes artificial intelligence and machine learning features that may be used to assist with client communications, workflow automation, and administrative tasks. Effi’s platform is SOC 2 compliant and incorporates AI-powered features for document management, SMS, and voice. Additionally, Evolve Broker’s services use AI sub-processors including OpenAI and Google Gemini.

We do not use fully automated decision-making processes to determine your eligibility for credit products. All credit assessments and loan recommendations involve human review by our qualified credit representatives. To the extent that any automated tools assist in preliminary assessments, a human reviewer always makes the final decision.

If you have concerns about how automated tools are used in relation to your information, please contact us using the details in Section 15.

10.1 Forward Note — APP 1.7 to 1.9 (Privacy Act Reforms)

The Australian Government has proposed amendments to the Privacy Act 1988 that, when enacted, will introduce new Australian Privacy Principles 1.7 to 1.9. These provisions will require organisations to include additional information in their privacy policies about automated decision-making that has a significant effect on individuals’ rights or interests.

Lagos Financial is monitoring these reforms. If and when APPs 1.7 to 1.9 come into force, we will update this Privacy Policy to include:

  • A description of any automated decisions with significant effect that we make using personal information.
  • The types of personal information used in those automated decisions.
  • How individuals can request meaningful information about the logic involved.
  • How individuals can request human review of an automated decision.

As at the date of this Privacy Policy, these provisions have not yet commenced. This section will be updated when the relevant legislation receives Royal Assent and a commencement date is confirmed.

11. Data Security

We take reasonable technical and organisational measures to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest where supported by our hosting and service providers.
  • Access controls and role-based permissions to limit who within our organisation can access personal information.
  • Multi-factor authentication (MFA) for access to key systems including our CRM, email, and loan processing platforms.
  • Regular review of our security practices and those of our third-party service providers.
  • Staff training on data handling, privacy obligations, and cybersecurity awareness.
  • Secure destruction or de-identification of personal information that is no longer required.

Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your personal information.

12. Data Retention

We retain personal information only for as long as it is needed for the purposes for which it was collected, or as required by law. Our retention periods include:

  • Credit assistance records: 7 years from the date of last credit assistance, as required under the NCCP Act.
  • Financial records: 7 years, in accordance with tax law requirements.
  • Marketing consent records: Retained for the duration of the marketing relationship and for a reasonable period after opt-out.
  • Website analytics data: Retained in accordance with each analytics provider’s retention policy (e.g. Google Analytics default is 14 months).
  • General enquiry records: 3 years from the date of enquiry, unless the enquiry leads to a credit assistance engagement.

After the applicable retention period, personal information is securely destroyed or de-identified.

13. Your Rights

Under the Privacy Act 1988 (as amended), you have the following rights in relation to your personal information:

13.1 Access

You have the right to request access to the personal information we hold about you. We will respond to your request within 30 days. In most cases, access will be provided free of charge, although we may charge a reasonable fee for requests that require significant effort to fulfil. We may need to verify your identity before providing access.

13.2 Correction

If you believe that any personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you have the right to request that we correct it. We will take reasonable steps to correct the information and notify any third parties to whom we have previously disclosed it.

13.3 Deletion

You may request that we delete personal information we hold about you where it is no longer necessary for the purpose for which it was collected, and we are not required by law to retain it. Please note that we are legally required to retain certain financial and credit-related records for 7 years and may not be able to delete that information during the retention period. We will inform you if a deletion request cannot be fully accommodated and the reasons why.

13.4 Opt-Out of Marketing

You may opt out of receiving marketing communications from us at any time by:

  • Clicking the unsubscribe link in any marketing email we send.
  • Contacting us directly using the details in Section 15.

We will process your opt-out request promptly. Please note that opting out of marketing does not affect communications relating to your active loan application or credit assistance engagement.

13.5 Preliminary Credit Assessment

You may request a copy of the preliminary credit assessment we prepared in relation to your loan application at any time within 7 years of us providing credit assistance. We will provide this within 7 business days of receiving your request, or within 21 business days if the request is made more than 2 years after the date of our Credit Quote.

14. Data Breach Notification

In the event of an eligible data breach (as defined under Part IIIC of the Privacy Act 1988) that is likely to result in serious harm to you, we will:

  • Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable.
  • Notify affected individuals as soon as practicable, including a description of the breach, the types of information involved, and recommended steps you can take.
  • Take reasonable steps to contain the breach and mitigate any harm.

We maintain an internal data breach response plan and regularly review our procedures to ensure compliance with the Notifiable Data Breaches scheme.

15. Complaints & Contact

If you have any questions about this Privacy Policy, wish to exercise any of your rights, or wish to make a complaint about how we have handled your personal information, please contact us:

Privacy Officer

Lagos Financial Pty Ltd

Level 1, 9-13 Bronte Road, Bondi Junction NSW 2022

Email: contact@lagosfinancial.com.au

Phone: 0450 313 606

We will acknowledge your complaint within 1 business day and aim to resolve it within 30 days. If we are unable to resolve your complaint within 30 days, we will write to you to explain why and provide an estimated timeframe for resolution.

If you are not satisfied with our response:

For privacy-related complaints, you may contact the Office of the Australian Information Commissioner (OAIC):

For financial services-related complaints, you may contact the Australian Financial Complaints Authority (AFCA):

16. Statutory Tort for Serious Privacy Invasions

The Privacy and Other Legislation Amendment Act 2024 introduced a statutory tort for serious invasions of privacy, commencing 10 June 2025. Under Part VIA of the Privacy Act 1988, individuals may bring a civil action in the Federal Court or Federal Circuit and Family Court where there has been a serious invasion of their privacy.

16.1 Types of Actionable Invasion

The statutory tort covers two types of invasion:

  • Intrusion upon seclusion: physically or otherwise intruding upon an individual’s seclusion (their private activities, affairs, home, or personal communications) in a manner that a reasonable person would consider highly offensive.
  • Misuse of personal information: using or disclosing an individual’s personal information in a manner that a reasonable person would consider highly offensive.

16.2 Key Elements

  • The invasion must be serious, considering the degree of offence, harm caused, and the public interest (if any).
  • The invasion must involve fault — the respondent acted intentionally or recklessly.
  • The individual must have had a reasonable expectation of privacy in the circumstances.
  • Remedies include damages (including for emotional distress), injunctions, and account of profits, with a statutory maximum of $478,850 for non-economic loss (indexed annually from 10 June 2025).

16.3 Limitation Periods

  • An action must be commenced within 1 year from the date the applicant became aware (or ought reasonably to have become aware) of the invasion of privacy.
  • An absolute limitation period of 3 years applies from the date of the act or omission giving rise to the cause of action.

16.4 Our Commitment

Lagos Financial takes its privacy obligations seriously and is committed to handling all personal information in accordance with the Australian Privacy Principles and applicable law. Our security measures, data handling procedures, and staff training are designed to prevent privacy invasions and protect your personal information.

17. Third-Party Websites

Our website may contain links to websites operated by third parties. We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party website you visit. The privacy policies of the following key third-party services referenced in this policy are available at:

18. Changes to This Privacy Policy

We may amend this Privacy Policy from time to time. Any changes will be posted on our website at lagosfinancial.com.au/privacy-policy/. The “Last updated” date at the top of this document indicates when the most recent changes were made. We encourage you to review this Privacy Policy periodically. Your continued use of our website or services after any changes constitutes your acceptance of the updated Privacy Policy.

Loading...