Get a Quote

Privacy Policy

Trading as OptiPay

Last updated: May 2026

Compliant with the Privacy Act 1988 (Cth) and Privacy and Other Legislation Amendment Act 2024 (Cth)

Our Commitment to Protecting Your Privacy

TIM Finance Pty Ltd (ACN: 618 695 604), TIM OpCo Pty Ltd (ABN: 77 620 842 426), TIM Securities Pty Ltd (ACN: 621 934 263) (collectively ‘OptiPay’, and also referred to in this Policy as ‘us’, ‘we’ and ‘our’) is committed to protecting your privacy and handling your personal information in a responsible, transparent and secure manner.

We recognise that personal information you provide to us is important and must be treated with respect. This Privacy Policy explains how we collect, use, store, disclose and protect your personal information, and what your rights are in relation to it.

Our commitment is to abide by the Privacy Act 1988 (Cth) (including the Australian Privacy Principles (APPs)) and any other relevant law, including the Privacy and Other Legislation Amendment Act 2024 (Cth).

Personal Information

When we refer to ‘personal information’, we mean information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not the information or opinion is true and whether or not recorded in material form.

 

The personal information we collect about you may include your:

  • Name, date of birth and driver’s licence number
  • Phone number, email address and residential/business address
  • Nationality and employment history
  • Financial information relevant to assessing your application
  • Credit-related personal information (see ‘Credit Information’ below)

Due to the nature of our services, we do not collect sensitive information (such as details about your health, race or ethnic background, religion, trade union membership, political opinion, sexual preference or criminal record).

Why We Collect Your Personal Information

We collect and receive personal information about you in order to conduct our business and to provide our services, including:

  • To assess, process and manage your application with OptiPay
  • To verify your identity
  • To provide you with cash flow funding and related financial services
  • To manage and administer our ongoing relationship with you
  • To assess, manage and process any employment application
  • For complaints handling, analytics and improving our services
  • For direct marketing purposes (see ‘Direct Marketing’ below)

How do we collect your personal information?

Personal information about you may be collected in a number of circumstances, including when you:

  • Apply to be a Registered Seller with OptiPay
  • Request that a Trade Invoice Receivable be made available to OptiPay for funding
  • Attend an event hosted by us
  • Apply for employment with us
  • Contact us by telephone, email or through our website

Where reasonable and practical, we will collect your personal information directly from you. We may also collect information from third parties, including via credit searches, searches of directorships and shareholdings, or from other organisations authorised by you.

If you do not provide the information requested, we may not be able to provide our services to you.

If you provide personal information to us about someone else (such as a business partner), you must ensure that you are entitled to disclose that information to us and that, without us taking any further steps required by privacy laws, we may collect, use and disclose such information for the purposes described in this Privacy Policy. You should ensure the individual is aware of the matters detailed in this Privacy Policy and has provided the relevant consents.

Credit Information

We may collect credit-related personal information about you as part of our services. The kinds of credit-related personal information we may collect include:

  • Information about your identity
  • Information about consumer credit loans and commercial credit you have applied for
  • Repayment history information
  • The type and amount of credit sought in each application
  • Default and payment information
  • Information about court proceedings
  • Information about personal insolvency

Credit Reporting Bodies

We may provide your credit information to a credit reporting body. The credit reporting body may provide the information we report about you to other credit providers to assist them in assessing your creditworthiness. We may also obtain credit information from credit reporting bodies to assist in our assessments.

 

If you fail to meet your payment obligations in relation to any transaction with us, or if you commit a serious credit infringement, we may be required to report this to a credit reporting body.

 

You may contact the following credit reporting bodies for further information or to exercise your rights in relation to your credit information:

You may contact a credit reporting body to:

  • Request access to the credit information they hold about you
  • Request that your credit information not be used for pre-screening of direct marketing by other credit providers
  • Request that your credit information not be used or disclosed if you believe you have been a victim of fraud or if you believe the information is incorrect. The credit reporting body must not use or disclose your credit information for 21 days after receiving your notice

How We Use Your Personal Information

We use your personal information for the purpose for which it has been provided, for reasonably related secondary purposes, any other purpose you have consented to, and any other purpose permitted under the Privacy Act. This may include:

  • Providing you with our products and services
  • Verifying your identity
  • Assessing, processing and managing your application
  • Providing and managing cash flow funding
  • Assessing your creditworthiness and managing credit risk
  • Improving our products, services and systems
  • Complying with our legal and regulatory obligations
  • Complaints handling and analytics

Who We Disclose Your Personal Information To

To maintain a successful business relationship with you and to provide our services, we may disclose your personal information to:

  • Financial intermediaries and business partners (as approved by you)
  • Credit search organisations and credit reporting agencies
  • ASIC and other regulatory bodies
  • Lenders, valuers, accountants and lawyers
  • Credit insurers and trade credit insurance providers
  • Any organisation that may have or is considering having an interest in invoice and debtor ledgers, or in our business

By providing us with your personal information, you consent to us disclosing your information to such entities without obtaining your specific consent on a case-by-case basis.

 

We may also be required or authorised by law to disclose your personal information to a Court, Tribunal, law enforcement agency, or the Australian Taxation Office in response to a lawful request.

International Disclosure of Personal Information

Some of our third-party service providers, including information technology and cloud storage providers, are located outside Australia. Where we disclose your personal information to overseas recipients, we take steps to ensure that those recipients handle your information in accordance with the Australian Privacy Principles or equivalent standards, including by including appropriate contractual obligations in our agreements with those recipients.

Under the Privacy and Other Legislation Amendment Act 2024 (Cth), the Australian Government has the power to designate countries that provide substantially similar privacy protections to Australia’s. Where a recipient is located in such a designated country, this may facilitate the disclosure of your personal information overseas. We will update this Policy as relevant designations are made.

Please be aware that some countries where our service providers are located may not have privacy laws equivalent to those in Australia. Our contracts with overseas service providers require them to comply with Australian privacy law standards and this Privacy Policy to the extent applicable.

You may contact us using the details below for more information about our overseas disclosure practices.

Security of Your Personal Information

We take the security of your personal information seriously. We implement reasonable technical and organisational measures to protect your personal information from misuse, loss, and unauthorised access, modification or disclosure. These measures include:

Technical measures

  • Encryption of data in transit and at rest
  • Firewalls, access controls and password protections
  • Secure cloud storage with reputable providers
  • Regular security monitoring and testing

Organisational measures

  • Internal privacy and data security policies and procedures
  • Staff training on privacy obligations and secure data handling
  • Restricting access to personal information on a need-to-know basis
  • Regular review of our security practices to address evolving threats and risks

When personal information is no longer needed for any purpose for which it may be used or disclosed, we will take reasonable steps to destroy it or permanently de-identify it.

Data Breaches

OptiPay is subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). The NDB scheme requires us to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when we become aware of an eligible data breach.

What is an eligible data breach?

An eligible data breach occurs when:

  • There is unauthorised access to, or unauthorised disclosure of, personal information that we hold, or personal information is lost in circumstances where unauthorised access or disclosure is likely to occur; and
  • A reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates

What happens if there is an eligible data breach?

If we become aware of an eligible data breach, we will:

  • Contain the breach and take steps to reduce the risk of harm to affected individuals where possible
  • Assess the breach to determine whether it is likely to result in serious harm
  • Notify the OAIC as soon as practicable after becoming aware of the breach
  • Notify affected individuals as soon as practicable, including information about the nature of the breach and steps individuals can take to protect themselves

We maintain an internal data breach response plan and conduct regular reviews to ensure our response procedures remain effective and consistent with the NDB scheme requirements.

 

If you believe your personal information held by us may have been compromised, please contact us immediately using the details at the end of this Policy.

Automated Decision-Making

From 10 December 2026, the Privacy Act 1988 (Cth) will require organisations to disclose the use of automated decision-making systems that use personal information to make, or significantly assist in making, decisions that could reasonably be expected to significantly affect the rights or interests of individuals.

 

OptiPay uses and may use technology-assisted processes in the assessment of applications for funding and related services. We are currently reviewing our use of such systems and will update this Privacy Policy ahead of the 10 December 2026 commencement date to provide the disclosures required under the amended Privacy Act.

Note: Where any automated or rules-based process is used in an assessment that significantly affects your application, human review is available. If you have questions about how decisions relating to your application are made, please contact us.

Direct Marketing

From time to time we may use your personal information to provide you with current information about special offers, changes to our organisation, or new products or services being offered by us or any business we are associated with. By providing us with your personal information, you consent to us using your information to contact you for this purpose, including by mail, email, SMS, social media, telephone and via our online platform.

 

If you do not wish to receive marketing information, you may decline at any time by contacting us using the details at the end of this Policy. We will not charge you for giving effect to your request and will take all reasonable steps to comply as soon as possible.

Your Privacy Rights

Under the Privacy Act and the Privacy and Other Legislation Amendment Act 2024 (Cth), you have a number of rights in relation to your personal information:

Right to access your personal information

You may request access to the personal information we hold about you, including credit-related personal information, at any time. We will provide access subject to limited exceptions permitted by the Privacy Act. We may charge a fee to cover our reasonable costs in retrieving and supplying the information.

To request access, contact us using the details below.

Right to correct your personal information

If you believe that personal information we hold about you is inaccurate, incomplete or out of date, you may request that we correct it. We will generally rely on you to inform us of any inaccuracies and will take reasonable steps to correct the information.

Right to make a complaint

If you believe we have mishandled your personal information, you may make a complaint by contacting our Privacy Officer using the details below. We will investigate the complaint and provide a response within 15 business days, provided we have all necessary information. In cases where further investigation is required, we will seek to agree alternative timeframes with you.

Right to take direct legal action for serious invasions of privacy

Under the Privacy and Other Legislation Amendment Act 2024 (Cth), which took effect from 10 June 2025, individuals have a statutory right to bring a direct legal action (a ‘tort’) against an entity that has committed a serious invasion of their privacy. This right exists independently of any complaint made to the OAIC and applies where an individual had a reasonable expectation of privacy in the circumstances and the invasion was intentional or reckless.

 

This right is in addition to, not instead of, the OAIC complaints process described below.

OAIC complaints

If you are not satisfied with our response to a privacy complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

When We May Deny Access to Personal Information

There may be circumstances in which we are not required to provide access to your personal information. For example, where:

  • The information relates to existing or anticipated legal proceedings
  • Providing access would have an unreasonable impact on the privacy of other individuals
  • The request is frivolous or vexatious
  • Access would be unlawful

We will provide you with a written explanation if we deny you access to your personal information.

Dealing with Us Anonymously

In most circumstances it will be necessary for us to identify you in order to successfully do business with you and provide our services. However, where it is lawful and practicable to do so, we will offer you the opportunity of making general enquiries without providing us with personal information.

Changes to This Privacy Policy

We review this Privacy Policy regularly to ensure it remains current, accurate and compliant with applicable privacy laws. As technology, law and marketplace practices evolve, we may update this Policy from time to time. The current version of this Policy will always be available on our website at www.optipay.com.au.

 

Material changes to this Policy will be notified to clients where practicable.

Alternative Formats

If you would prefer to receive a copy of this Privacy Policy in an alternative form (such as hard copy or via email), please contact us using the details below. We will be pleased to assist.

Contact Us

For any privacy-related queries, complaints or requests — including requests to access or correct your personal information, or to opt out of direct marketing — please contact our Privacy Officer:

OptiPay — Privacy Officer

Suite 01, Level 10, 60 Pitt Street, Sydney NSW 2000

Phone: 1300 694 686

Email: [email protected]

Website: www.optipay.com.au
OptiPay Cash Flow Finder