Privacy Policy

Our Commitment

We are committed to protecting your privacy and handling your personal information in a safe and responsible manner. Aryza manages your personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs). This policy explains how we handle personal information (including credit related information) relating to individuals so as to ensure we meet our obligations and commitment.

Terminology

This policy applies to the following entities, which are collectively described as ‘we’, ‘us’ or ‘our’ in this Privacy Statement:

• Aryza APAC Pty Ltd, ABN 20 669 276 180
• Aryza Australia Pty Ltd, ABN 40 650 573 774
• Bravure Pty Ltd, ABN 98 086 201 194

This policy excludes other entities in the Aryza family (Other Aryza Entities), which have their own privacy policies in accordance with jurisdictional requirements.

The expressions “you” and “your” refer to a relevant individual whose personal information we may collect, use or disclose from time to time.

The expression “personal information” is used in this policy to refer to information or an opinion about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. In this policy, the term “personal information” includes credit related information about an individual.

The type of information we collect:

We only collect personal information to the extent that this is reasonably necessary for the performance or fulfilment of one or more of our functions or activities. These functions include:

• the provision of software, administrative and assistance services to support creditors’ recovery of outstanding debts (for example, we provide a platform by which current creditors and debt buyers or debt collections businesses can request information of originating lenders);
• the provision of technology platforms and software solutions to support creditors’ origination decisioning, lending obligations, and other aspects of the credit process;
• the provision of administrative and assistance services to debt agreement administrators to assist them in formulating and proposing payment plans to creditors on your behalf; and
• related activities in connection with or associated with these functions.

The personal information that we may collect about you, as an individual, may include the following kinds of information:

• your name;
• your contact details, such as your residential and/or email address and telephone number;
• your age or date of birth;
• information provided to us by our clients in relation to amounts owing by you to creditors;
• information provided to us by our clients in relation to amounts paid to them or proposed to be paid by or on your behalf;
• other information provided to us by our clients to help them manage their internal records;
• information we receive from the Australian Financial Security Authority (AFSA), courts, debt collectors, credit reporting bodies, trustees in bankruptcy or other insolvency administrators or practitioners;
• any additional information about you that is necessary to allow us to perform and deliver our support and administrative services to our clients, and to respond to enquiries;
• any information that you provide on our website contact form or newsletter subscription form;
• information provided to us via email to our support address, including any attachments or screenshots;
• telephone numbers recorded in inbound and outbound call logs, and in some cases phone recordings (where you have been informed that we are recording a phone call); and
• personal information received from persons applying for roles with Aryza (see Employee Records section below).

Method of Collection

Where information is not collected directly from you, for example where it is unreasonable or impracticable for us to do so, information about you will generally be collected from the following sources:

• our relevant client to whom you may owe money or from whom you apply for credit;
• our related companies, employees, agents, contractors and advisors;
• our service providers, such as computer systems consultants, trust managers, document custodians, data repositories, mailing houses and the like; and
• AFSA, the courts, debt collectors, trustees in bankruptcy or other insolvency administrators or practitioners;

Information may be collected directly from you on our website, where you submit a contact form, call us, subscribe to a newsletter subscription, or make an enquiry.

If you provide personal information to us about someone else, you must ensure that you are entitled to disclose that information to us and that, without us taking any further steps required by privacy laws, we may collect, use and disclose such information for the purposes described in this policy. For example, you should take reasonable steps to ensure the individual concerned is aware of the various matters detailed in this Privacy Policy.

Purposes of Collection

The purposes for which we may collect personal information include, but are not limited to the following:

• enabling our clients (creditors, debt buyers, or debt agreement administrators, where applicable) to use our services and to better allow us to perform those services, which include transactional services relating to the sale of delinquent debt, servicing platforms, and administrative services relating to the proposal and management of bankruptcies, insolvencies, and alternatives to bankruptcy;
• operating, protecting, improving and optimising our business and our users’ experience, such as performing analytics and conducting research;
• sending service, support and administrative messages, reminders, technical notices, updates, security alerts, and requested information to our clients;
• sending relevant notices to you or your creditor, debt agreement administrator, trustee, or insolvency practitioner;
• sending promotional messages about Aryza’s products and services, where you have provided your consent to receive such communications (see Marketing section below);
• investigating and troubleshooting support issues raised by you or our clients;
• complying with our legal obligations, resolving any disputes that we may have with any person, and to enforce our agreements with third parties.

Use and Disclosure

As a general rule, we will not use or disclose personal information for purposes other than those connected with the primary purpose of collection, or a reasonably related secondary purpose which we believe you should reasonably expect.

Secondary purposes might include disclosure to service providers or other third-party contractors (including outsourced and cloud service providers) who may be unable to avoid accessing personal information in the course of providing technical or other support services to our company.

Examples of our disclosures of personal information may include disclosures to:

• our clients (your creditors or debt agreement administrators, where applicable);
• our employees and related bodies corporate;
• third party suppliers and service providers, professional advisers, dealers and agents;
• our existing or potential agents, business partners or partners;
• Other Aryza Entities (in some circumstances only);
• anyone to whom our assets or businesses (or any part of them) are transferred;
• specific third parties authorised by you to receive information about you held by us; and/or
• other persons, including government agencies, courts, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

Direct Marketing

We will not use your personal information for direct marketing purposes without your prior consent. Where you have consented to receive promotional communications from us (for example, by subscribing to our newsletter or making a product enquiry via our website), we will use your contact details to send you information about our products and services. You may withdraw your consent at any time by clicking the unsubscribe link in any marketing email or by contacting us using the details below.

Cookies and Website Data

Our website uses cookies. Cookies are small text files downloaded to your device when you visit our site, which are sent back to us on each subsequent visit to improve your experience and the functionality of the site.

Cookies may be set by our website (first party cookies) or by third parties running content on pages you view (third party cookies). By continuing to use our website, you consent to our use of cookies.

You may learn more about the use of cookies on our website, or withdraw your consent from certain cookies on our website by visiting www.aryza.com/cookie-policy

For more information about cookies generally, visit www.allaboutcookies.org or www.youronlinechoices.eu.

If you have questions about our use of cookies, please contact us using the details set out in this Policy.

Retention and Overseas Disclosure

We will store your personal information in Australia in a secure manner, for example on a secure encrypted server located in Australia.

Certain information that is provided to our clients, suppliers, or (in some circumstances) Other Aryza Entities may be accessed by them from overseas. Other Aryza Entities are located in the United Kingdom, Canada, Ireland, Germany, the Netherlands, and Mauritius.

Where personal information is disclosed to overseas recipients, it will be transferred in a secure way. We will take reasonable steps to ensure that those recipients handle the information in a manner consistent with the Privacy Act.

We keep your personal information for as long as is necessary to perform the purposes described in this policy, or as required by law. Once your personal information is no longer required, we will take reasonable steps to destroy or de-identify it.

Employee Records

In accordance with the Privacy Act, this policy does not apply to our acts and practices directly related to a current or former employment relationship between us and an employee, and an employee record held by us relating to the employee.

If, nevertheless, we transfer employee records offshore for any reason, we will comply with the cross-border restrictions set out in the Privacy Act which apply to the overseas transfer of personal information.

Personal information received in the context of job applications will be used solely for the purposes of assessing your suitability for the relevant role and, if applicable, onboarding.

Data Security

We will take reasonable steps to protect the personal information which we hold from misuse or loss and from unauthorised access, modification or disclosure.

Subject to our legal obligations and contractual requirements to retain records for particular periods, we will destroy personal information once we no longer require it for business purposes.

Access, Correction and Your Rights

We will take such steps as are reasonable to ensure that the personal information which we collect remains accurate, up to date and complete.

We will provide you with access to your personal information held by us unless we are permitted under the Privacy Act to refuse to provide you with such access. Please contact us via the details at the end of this policy if you:

• wish to have access to the personal information which we hold about you;
• consider that the personal information which we hold about you is not accurate, complete or up to date; or
• require further information on our personal information handling.

There is no charge for requesting access to your personal information but we may require you to meet our reasonable costs in actually providing you with access.

If you consider that the information which we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps, consistent with our obligations under the Privacy Act, to correct that information if you so request. In certain circumstances, and subject to applicable law, you may also request that we erase personal information or restrict how we are processing it.

We will respond to all requests for access and/or correction within a reasonable time.

Complaints

If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, please contact us using our contact details below. You may lodge a complaint in writing (via email or post) or over the phone.

We will provide written acknowledgement of your complaint within 7 days of receipt. We will investigate and advise you of the steps we have taken to resolve your complaint within 30 days of receipt of your complaint.

If you remain unsatisfied with the way in which we have handled a privacy issue, you may contact the Office of the Australian Information Commissioner (OAIC) for guidance on alternative courses of action. We will provide our full cooperation in the event that you elect to pursue this course of action.

Supervisory Authority	Address	Website	Phone
Office of the Australian Information Commissioner (OAIC)	GPO Box 5288, Sydney NSW 1042	www.oaic.gov.au	1300 363 992

Contact Us

For further information about our policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:

Privacy Officer / Data Protection Officer

Phone: 1300 723 480
Email: [email protected]
Mail: Aryza, Level 5, 123 Pitt Street, Sydney NSW 2000

For further information about privacy laws generally, please contact the Office of the Australian Information Commissioner:

Mail: GPO Box 5288, Sydney NSW 1042
Phone: 1300 363 992
Website: www.oaic.gov.au

Changes to this Policy

This policy was last updated on 18 May 2026 is subject to change.

From time to time, we may change our policy on how we handle personal information or the types of personal information which we hold. Any changes to our policy will be published on our website. You may obtain a copy of our current policy from our website or by contacting us on the details above. It is your responsibility to check the website from time to time in order to determine whether there have been any changes.