CSR GROUP Privacy policy

Introduction

CSR is committed to protecting your privacy. This policy applies to the CSR Group, being CSR Pty Limited ACN 000 001 276 and its related bodies corporate, collectively “we” “us” and “CSR” and it sets out how we collect, use and manage personal information.

CSR's privacy obligations are governed in Australia by the Privacy Act 1988 (Cth) and the Australian Privacy Principles and in New Zealand by the Privacy Act 2020 (Privacy Laws).
 

Updates to this Privacy Policy

We may make changes to this Privacy Policy from time to time. If we make changes to this Privacy Policy, we will notify you by issuing an updated version of this Privacy Policy on our website, and such changes will become effective from the date we issue the updated version of this Privacy Policy to our website.

You agree that such notification will constitute sufficient notice to you of the changes to this Privacy Policy. By continuing to engage with us, provide us with your personal information, use our goods or services, undertake any trade with us, or otherwise interact with us (including under any agreements we have with you), you consent to the collection, processing, use, storage, and disclosure of your personal information and credit information in accordance with this updated Privacy Policy.
 

What personal information does CSR collect?

The types of personal information that we may collect will depend on the nature of the interaction with you, but may include:

• name and date of birth;
• contact details including address, email address and telephone number;
• if you apply for employment or for credit with us, details regarding your employment history, educational qualifications, information derived from background checks, current employment and income details;
• identification details including passport and driver’s licence and tax file numbers;
• business and trade related information, including business and trade references such as information about a referee and photographs of business and trade premises;
• bank account or other payment details such as bank statements, credit card statements;
• credit related information such as credit history, credit records, credit references;
• images from video surveillance;
• network and device data such as IP address; and
• other personal information you provide to us. 

How does CSR collect personal information?

The way we collect information depends on the nature of the interaction with you. We will usually collect personal information directly from you, for example you may:

• access one of our websites;
• access one of our Apps (such as CSR System Selector)
• submit a form via one of our websites;
• subscribe to receive communications from us;
• place an order with us (including via CSR Connect);
• apply for credit terms with us;
• apply for employment with us;
• share your personal information with the CSR customer services team or other CSR representative;
• undertake a customer survey or provide feedback; or
• otherwise communicate with us.

We may also collect personal information about you from third parties, for example from:

• publicly available sources;
• recruitment agencies, referees and pre-employment screening check providers;
• banks, insurers and other authorised deposit taking institutions or similar financial institutions;
• your authorised representatives; and
• credit reporting bodies.

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising.

Where you provide us with personal information about another individual (e.g. where you are acting as their authorised representative), you are responsible for ensuring that you have the express consent of that individual to provide us with their personal information and informing them of this privacy policy.
 

How does CSR use personal information?

Other than as permitted under the Privacy Laws, CSR will only use your personal information for the purpose for which it was collected, which may include:

• to provide products or services to you;
• to administer and manage those services and products including charging, billing, delivery and collecting debts;
• to provide you with information, products or services that you request from us;
• to maintain relationships with suppliers, contractors and other service providers;
• to verify your identity;
• to maintain and update our records;
• to perform our business functions;
• for analytic and statistical purposes;
• to monitor our sales of products and services and for quality control purposes;
• to monitor and measure the use of our websites or apps;
• to undertake product recalls or withdrawals;
• to assess credit worthiness (both initially and ongoing) and provide credit;
• to manage credit provided to you and monitor your ability to manage credit;
• to assess, re-assess, audit and monitor your credit relationship with us, including credit eligibility and credit limits;
• to provide information to and communicate with our shareholders;
• to comply with legal obligations and protect our lawful interests;
• to assist us in ensuring security, health and safety and customer protection in our stores; and
• any other purpose made known to you at the point of collection.
   

What if you don’t give CSR your personal information?

If you choose not to provide certain personal information, then we may not be able to provide the product or services you require, or the level of service that we would like to provide.  We may also not be able to employ you or engage you as a service provider. We may also not be able to provide you with credit.
 

Does CSR send marketing material?

Where CSR has your consent, or is permitted by the Privacy Laws to do so, we may use and disclose your personal information to send direct marketing material about our products and services, or other matters we consider may be of interest to you.

If you wish to opt out from receiving marketing material from CSR you can use the unsubscribe function in the electronic message or contact the Privacy Officer using the details below.

Who does CSR disclose personal information to?

We may disclose your personal information to companies within the CSR Group, third parties engaged by CSR and our business partners who assist us to perform our business functions including providing information, goods or services to you. We may disclose to:

• our employees, consultants, temporary workers or other representatives;
• our related bodies and members of our corporate group;
• payment processors;
• logistics providers;
• professional advisers such as bankers, solicitors, business advisors and auditors;
• service providers who provide operational services to CSR or who help provide our services to you, such as accounting, consumer analysis, archiving, cloud storage and processing, debt collection, data processing and data analysis, information broking, insurance, marketing and consumer analysis, telecommunications, research, fraud detection and monitoring, website, information technology or other relevant services;
• credit reporting bodies;
• government agencies or regulatory bodies;
• third parties in connection with the sale of some or all of our business; and
• any other party whom you authorise us to disclose your personal information to.

We may also disclose your personal information to comply with legislative and regulatory requirements or in connection with law enforcement requirements or as otherwise required or permitted by law.
 

Does CSR disclose personal information overseas?

Some third parties that we disclose your personal information to may be located in a country outside of your own country. The countries in which the personal information you provide to us may be held include Australia, New Zealand, the United States of America, India and Europe. We will not disclose your personal information to an overseas recipient without taking reasonable steps to ensure that the overseas recipient will be required to protect the information in a way that provides comparable safeguards to those in the Privacy Laws.

Use of cookies and links to third party sites

Please refer to our cookie policy. 
CSR's websites may contain links to websites operated by third parties. CSR is not responsible for the content, or privacy policy, of third-party sites.

Storage and security

CSR has implemented and maintains appropriate physical, electronic and administrative safeguards to protect personal information from loss, misuse, alteration, theft, unauthorised access or unauthorised disclosure. Once CSR no longer requires personal information held, we will take reasonable steps to destroy or de-identify the personal information.

How you can access and correct personal information

In most cases, you may obtain access to or correct any personal information which CSR holds about you.

To make a request to access information CSR holds about you, please contact our Privacy Officer using the contact details below, noting the personal information you are requesting access to. We may need to verify your identity. CSR may charge a reasonable administrative fee in connection with your request to access information, in which case we will advise you of this fee upfront and obtain your consent before we proceed.

CSR takes reasonable steps to ensure that the personal information it holds is accurate and up to date and in most cases will take reasonable steps to correct personal information that is inaccurate. Please contact our Privacy Officer if you believe that the personal information CSR holds about you is no longer correct or out of date using the contact details below.

If CSR denies any requests for access to, or correction of, personal information, CSR will provide a written explanation. If you object, you may make a complaint in the manner described in the Complaints section below. If we are unwilling to correct your information you have the right to ask us to attach a statement of correction to the information.  
 

Complaints

If you consider that any action taken by CSR breaches this policy or the Privacy Laws, you can make a complaint by contacting us by one of the methods set out below. We take privacy complaints seriously and will act promptly in response to a complaint.

Upon receiving a complaint, we will review and consider the complaint. If the complaint requires further investigation, we will try to carry out the investigation in a timely manner. We may seek further information from you to assist with our investigation. We will then inform you of our findings about your complaint.

If we fail to respond to your complaint within a reasonable time or your complaint is not resolved to your satisfaction in Australia you may complain to the Office of the Australian Information Commissioner (www.oaic.gov.au) and in New Zealand you may complain to the Office of the Privacy Commissioner (www.privacy.org.nz).
 

How to contact CSR

If you have any queries about this policy, complaints about CSR’s handling of your personal information or wish to access or update your personal information which CSR holds, please contact CSR’s privacy officer at info@csr.com.au, or you can write to: 

CSR Privacy Officer, 
CSR Pty Limited, 
Locked Bag 1345, 
North Ryde BC NSW 1670 
Australia 

Reviewed and updated: November 2025 
 

CSR Group Privacy Policy regarding Credit Information

We may collect, use, disclose and store your credit and credit-related information when you apply for a credit account with us or when you use any credit facilities or features that we offer to you, and the following terms will apply in addition to the terms relating to your personal information above.

When you apply for credit terms with us, you authorise us to make credit reference checks to verify your creditworthiness both at the time of application and during the course of our business dealings as may be required from time to time.  
 

Types of credit information that we collect, use, disclose and store

In addition to the personal information mentioned above, we may collect, use, disclose and store the following types of credit and credit-related information:

• consumer credit liability information such as information about any credit accounts that you have or have had as well as the credit limits for these accounts and their open/close dates;
• repayment history information such as if you have made payments when due, and if not, when overdue payments have been made;
• financial hardship information such as information about agreed financial hardship arrangements that you may have with us or other credit providers;
• default information such as details of any defaults or serious credit infringements;
• public record information such as court judgements, directorship and business proprietorship details (including any records on public or private registers pertaining to them) and information pertaining to bankruptcy, debt agreements and personal insolvency; or
• credit worthiness information such as credit scores, credit risk ratings, summaries and evaluations.

We may use external credit reporting services which may include the use of:

• assessment and reporting services, where we collect and receive reports on your credit information and credit worthiness assessments that they hold or compile about you; and
• monitoring services where we collect and receive updates about the information they hold about you during the term of your credit arrangements with us.  

Some of the types of credit and credit-related information shown above may be derived by us from information and reports provided to us by external credit reporting bodies.
 

How we collect and store credit information

We collect credit information directly from you or your representative when you apply for and trade under a credit account with us. We may also collect credit information about you from third parties, including:

• credit reporting bodies or other credit providers;
• publicly available sources, including from Australian Government agencies such as the Australian Securities and Investments Commission, internet search platforms and social media platforms;
• by deriving this information from your dealings with us; and
• from service providers that assist us to provide credit or administer the credit accounts that we provide, including commercial information service providers, credit application assessors, debt collectors and lawyers.

We keep your credit information with your other information. Please also see the ‘Storage and security’ section above for more information.
 

Purposes for which we collect, use, disclose and store credit information

When you apply to us for a credit account, we need to know if you’re able to meet repayments under your agreement with us.

We use credit information and your personal information to:

• confirm your identity;
• assess your credit applications and your ability to manage credit;
• manage credit provided to you and monitor your ability to manage credit;
• to assess, re-assess, audit and monitor your credit relationship with us, including credit eligibility and credit limits;
• to participate in the credit reporting system and to provide information to credit reporting bodies in certain circumstances, including where you consent to the disclosure, where you fail to meet payment obligations in relation to credit provided by us or if you have committed a serious credit infringement with us;
• assist you to manage your credit related obligations and to consider any financial hardship requests;
• derive scores, ratings, summaries and evaluations relating to your credit worthiness which are used in our decision-making processes and ongoing reviews;
• help us collect overdue payments, enforce our legal rights or to protect our interests;
• comply with our legal obligations; and
• share information with credit reporting bodies
   

Who we share your credit information with

We may share your personal information and credit information with external credit reporting agencies and bodies for them to provide us with their credit reporting services and for them to update their credit reporting databases. We may disclose your credit information to, and for the use by, credit reporting agencies, debt collection agencies, and legal advisors in order to assist us with collecting overdue payments from you or to otherwise enforce our legal rights or to protect our interests.

We share personal information and credit information with, and collect it from, the following credit reporting bodies:

We may also share your credit information with our related bodies.
 

Overseas disclosure of credit information

We do not disclose your credit information to a third party that does not have an Australian or New Zealand link. Please also see the ‘Does CSR disclose personal information overseas?’ section above for more information.
 

Accessing and correcting credit information

If you would like to access or correct any credit information that we hold about you, you may follow the same process as set out in the ‘How you can access and correct personal information’ and ‘How to contact CSR’ sections above.
 

Complaints relating to credit information

If you have any complaints relating to our collection, use, disclosure or storage of your credit information, you may follow the same process as set out in the ‘Complaints’ and ‘How to contact CSR’ sections above.

Reviewed and updated: November 2025