Privacy Policy

Last updated: May 2026

At Upfront Mortgage Services, we are committed to protecting your privacy and managing your personal information in an open and transparent manner. This Privacy Policy explains how we collect, use, store, and disclose your personal information, including credit information, in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Privacy (Credit Reporting) Code.

Upfront Mortgage Services (Micallef Finance Pty Ltd, ABN 851 576 679 75) is a Credit Representative (422073) authorised under Mortgage Specialists Pty Ltd (ACN 050 601 093, Australian Credit Licence 387025). This policy applies to all personal information collected by Upfront Mortgage Services in the course of providing mortgage broking and credit assistance services.

---

1. Open and Transparent Management of Personal Information

We manage personal information, including credit information, openly and transparently. When we collect your personal information, we will notify you of:

• The type of personal information being collected;
• Who that personal information may be disclosed to; and
• How we use that personal information.

We are responsible for handling any queries regarding access to, or correction of, personal information, as well as any privacy-related complaints. Our team is trained at regular intervals to ensure they understand our obligations under the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

We periodically update this Privacy Policy and will provide a copy free of charge on request in a suitable format.

2. Anonymity and Pseudonymity

Generally, we are not able to deal with customers who do not wish to identify themselves, as identification is essential to providing credit assistance. However, where possible and appropriate, we will provide general information to unidentified individuals.

3. Collection of Personal Information

We collect personal information for the following purposes:

• Arranging and assessing applications for credit;
• Managing credit and ongoing client relationships;
• Providing individuals with products or services marketed by us and our associates;
• Protecting individuals and ourselves from error or fraud; and
• Complying with regulatory and legal requirements.

Types of Personal Information We May Collect and Hold

Identification and Contact Information: Your name, address, phone number, email and other personal contact information, date of birth, occupation and employment history, family status, and relationship information (cohabitants, dependants, and the ages of individuals in your household).

From time to time we may collect information that contains government identifiers, which could include your tax file number. However, we do not use or disclose this information other than as required by law.

Financial Information: Information relating to your overall financial position for the purposes of our loan assessment. This may include bank statements (transaction and savings statements), credit card and store card statements, and information related to your assets and liabilities.

Credit Reporting Information: Credit reports from credit reporting bodies. These reports may disclose your repayment history with loans and financial liabilities, including information about overdue payments and defaults, adverse credit history, infringements, insolvency or bankruptcy, court proceedings, and other publicly available information. We use your credit-related information to assess your eligibility for finance. This information is generally exchanged between credit and finance providers and credit reporting bodies.

Sensitive Information

We may collect sensitive information if you are referred to an insurance agency or apply for an insurance-related product where the insurer may have affiliations with our business. Insurance products that may require sensitive information include, but are not limited to, life insurance, income protection, and total and permanent disability (TPD) cover.

It is unlikely we will require collection of sensitive information in applications relating to our credit activities, but this may occur periodically. We only collect sensitive information directly from the individual and with the individual’s consent. Sensitive information collected in this way is only used for the purpose for which it is provided. This may include information about your religion, ethnicity, health information, criminal record, or biometric information.

4. How We Collect Your Information

Where possible, we collect personal information directly from you. There are a number of ways we may seek information, including when you:

• Fill out a form on our website or in person;
• Contact us by phone, email, or SMS;
• Use our website or online enquiry tools;
• Engage with us through social media channels.

We also use electronic means such as email and SMS as a convenient way to communicate with you and verify your details.

Information Collected via Website and Internet Activity

When you access our website at https://upfrontmortgageservices.com.au, we may monitor your use of the site to verify your identity, deliver information to you, and identify ways we can improve our services.

Some customers prefer to engage with us through social media channels. We may collect information about you when you interact with us through these channels. However, we do not expect personal or financial information to be shared in that type of forum and recommend using more secure channels for the transmission of personal or sensitive information.

To improve our services and products, we sometimes collect de-identified information from web users. This may include IP addresses or geographical information to ensure your use of our web applications is secure.

5. Unsolicited Personal Information

If we receive unsolicited personal information, we will determine whether we could have collected that information by lawful and fair means and whether it relates to one of the purposes outlined above. If not, we will destroy or de-identify the personal information as required by law.

6. Notification of the Collection of Personal Information

When we first collect personal information from you, we will notify you and obtain your consent to our use and disclosure of that information. This notification will inform you of:

• The purposes of the collection of your personal and credit information;
• Entities to which we usually disclose personal or credit information;
• What happens if you choose not to provide us with the requested information;
• Direct marketing that may be undertaken by us or our associates;
• Where our Privacy Policy can be found; and
• Any disclosure of personal information to overseas entities.

Where we know we are likely to disclose your personal information to another identifiable entity as part of our service, we will usually notify you of the identity and contact details of that organisation and why your information may be disclosed to them.

7. Direct Marketing

We notify individuals at the time of collecting personal information that their information may be used by us and any associated businesses for the purposes of direct marketing.

All direct marketing communications include a prominent statement about how you can elect not to receive direct marketing. Where the communication is an email, we provide an ‘unsubscribe’ function. We keep appropriate records to ensure individuals who have opted out do not receive further direct marketing communications. We do not apply a fee for unsubscribing.

We do not sell personal information. We do not use sensitive information for the purposes of direct marketing. If we purchase personal information for direct marketing, we conduct appropriate due diligence to ensure proper consents have been obtained.

8. Cross-Border Disclosure of Personal Information

We may disclose your information to organisations overseas that are contracted to us for purposes such as audits of loan files to ensure legislative, regulatory, and industry expectations have been met. We may also store your information in the cloud or other forms of networked or electronic storage.

Because cloud storage and IT servers may be located overseas and can be accessed from various countries via an internet connection, it is not always practicable to identify the specific country in which your information may be held.

9. Government Related Identifiers

We do not use government related identifiers to identify individuals. We may receive tax file numbers in the course of assessing an application for credit; however, we do not use or disclose tax file numbers for any purpose when engaging in credit activities.

10. Quality of Personal Information

We rely on you to help us ensure your personal information is accurate, up-to-date, and complete. If we become aware that personal information is inaccurate, out of date, or incomplete (for example, when mail is returned), we will update our systems accordingly.

11. Security of Personal Information

We take reasonable steps to protect the personal information we hold from misuse, interference, loss, and unauthorised access, modification, or disclosure. Some of the controls we use include:

• Access restrictions to data using physical and electronic barriers;
• Appropriate training of representatives on confidentiality obligations;
• Education of representatives in recognising possible cyber intrusions;
• Governance around the provision of information to third parties;
• ICT security including firewalls, malware scanning, and encryption of data.

Any paper records are only accessible to employees and authorised individuals as needed, and are held within offices that are locked and security-protected after hours.

In accordance with the Australian Privacy Principles, we retain personal information only for as long as is reasonably necessary for the purpose for which it was collected or to comply with applicable legal or ethical reporting and document retention requirements. We take reasonable steps to destroy or de-identify personal information that is no longer needed.

12. Access to Personal Information

You may request access to any personal information we hold about you. We will not charge you for requesting access where it is reasonable and practicable to provide it. We will verify your identity prior to disclosing any personal information.

When we receive a request for access, we will usually respond within 7 days. Depending on the nature of the request, we may be able to provide the information at the same time as the request is made. For larger or more complex requests, we will investigate and advise you of the information we hold and provide details accordingly.

We will comply with all reasonable requests to provide personal information in your requested format.

Circumstances Where Access May Be Denied

We will not give access to personal information where it is unreasonable or impracticable to do so, or where the request would likely:

• Pose a serious threat to the life, health, or safety of any individual, or to public health or public safety;
• Unreasonably impact the privacy of other individuals;
• Be frivolous or vexatious;
• Relate to anticipated legal proceedings where access should occur through discovery;
• Reveal our intentions in negotiations with the individual in a way that would prejudice those negotiations;
• Be unlawful or in breach of an Australian law;
• Prejudice the taking of appropriate action regarding unlawful activity or misconduct related to our functions or activities;
• Prejudice an enforcement-related activity of an enforcement body (such as ASIC); or
• Reveal commercially sensitive information.

If we do not provide access, we will provide written reasons and advise you of your right to access our Internal Dispute Resolution (IDR) and External Dispute Resolution (EDR) schemes.

13. Correction of Personal Information

If we hold personal information about you and are reasonably satisfied it is inaccurate, out of date, incomplete, irrelevant, or misleading, or if you request a correction, we will take reasonable steps to correct the information.

If we have previously disclosed personal information that we then correct, we will take reasonable steps to notify the entity to which it was disclosed. If we decline to make a correction, we will provide reasons and details of our IDR and EDR procedures. If you then request that we add a statement to the record that the information is disputed, we will take reasonable steps to do so.

14. Complaints and Dispute Resolution

If you have concerns about whether we have complied with the Privacy Act 1988 (Cth), the Australian Privacy Principles, or this Privacy Policy, or if you have a complaint about our services, please contact us in the first instance:

• Contact: Aaron Micallef
• Business: Upfront Mortgage Services (Micallef Finance Pty Ltd)
• Email: aaron@upfrontmortgageservices.com.au
• Phone: 0422 532 029

Examples of issues include internet privacy complaints, security breaches, misuse of personal information, and concerns about the services we have provided. Your complaint will be considered through our internal complaints resolution process, and we aim to respond with a decision within 30 days of receiving your complaint.

Licensee Privacy Contact

You may also raise privacy concerns directly with our licensee, Mortgage Specialists Pty Ltd:

• Email: compliance@spfgroup.com.au
• Phone: 08 9286 6888

External Dispute Resolution

If you remain dissatisfied with how your complaint has been managed, you may contact the following bodies:

1. Australian Financial Complaints Authority (AFCA)
AFCA provides free, fair, and independent dispute resolution for financial complaints.

• Phone: 1800 931 678
• Email: info@afca.org.au
• Website: www.afca.org.au
• Post: GPO Box 3, Melbourne VIC 3001

2. Office of the Australian Information Commissioner (OAIC)
For privacy-related complaints, you may contact the OAIC.

• Phone: 1300 363 992
• Website: www.oaic.gov.au

Any issues regarding spam or telemarketing will generally be referred by the OAIC to the Australian Communications and Media Authority (ACMA).

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legislation, regulation, or our business practices. The latest version will always be available on our website. Continued use of our website or services following changes constitutes acceptance of the updated policy.

16. Compliance Statement

Aaron Micallef is a Credit Representative (422073) of Mortgage Specialists Pty Ltd ACN 050 601 093 Australian Credit Licence 387025.

Upfront Mortgage Services. All rights reserved. ABN – 851 576 679 75 | ACN – 157 667 975 | License number – SFG – 387025 | Credit Representative – 422073. Micallef Finance Pty Ltd ABN 851 576 679 75 trading as Upfront Mortgage Services is authorised under Mortgage Specialists Pty Ltd ACN 050 601 093 Australian Credit Licence 387025.