1. Your Privacy
2. Information we collect
Information we collect from you
We collect information about you and your interactions with us, for example when you request or use our products or services, transact money, phone or email us. When you use our website or mobile applications we may collect information about your location or activity including IP address, telephone number and whether you’ve accessed third party sites. Some of this website information we collect using Cookies
The information we collect from you may include your identity and contact details, other personal details such as gender and marital status and financial information.
Information we collect from others
We collect information about you from others, such as service providers, agents, advisers, brokers, employers or family members. For example, if you apply for credit, we may need to obtain a credit report from a credit reporting body. If you apply for life or income protection insurance, we may collect medical and lifestyle information from you or your health professionals. We may collect information about you that is publicly available, for example from public registers or social media, or made available by third parties.
We are bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) (“Privacy Act”).
The Privacy Act also protects your sensitive information, such as financial records and personal records. We do not release this information to any third party, except where otherwise permitted by law.
3. How do we use your information?
We collect, use and exchange your information so that we can:
- establish your identity and assess applications for products and services
- price and design our products and services
- administer our products and services
- manage our relationship with you
- manage our risks and help identify and investigate illegal activity, such as fraud
- contact you, for example if we suspect fraud on your account or need to tell you something important
- conduct and improve our businesses and improve the customer experience
- comply with our legal obligations and assist government and law enforcement agencies or regulators
- identify and tell you about other products or services that we think may be of interest to you
- comply with any operation of law that is required of us
We may also collect, use and exchange your information in other ways where permitted by law.
Gathering and combining data to get insights
Improvements in technology enable organisations, like us, to collect and use information to get a more integrated view of customers and provide better products and services. We may combine customer information it has with information available from a wide variety of external sources (for example census or Australian Bureau of Statistics data). We are able to analyse the data in order to gain useful insights which can be used for any of the purposes of improving our business and service to you.
4. Who do we exchange your information with?
We may exchange your information with third parties where this is permitted by law or for any of the purposes mentioned above in 3
Third parties include, but are not limited to:
- service providers, for example: cloud data servers, web server providers, mortgage insurers and loyalty program redemption partners;
- those to whom we outsource certain functions, for example, direct marketing, statement production, debt recovery and information technology support;
- brokers, agents and advisers and persons acting on your behalf, for example guardians and persons holding power of attorney;
- persons involved in arrangements that provide funding to us, including persons who may acquire rights to our assets (for example loans), investors, advisers, trustees and rating agencies;
- claims-related providers, such as assessors and investigators, who help us with claims;
- other financial institutions, for example so that we can process a claim for mistaken payment;
- auditors, insurers and re-insurers;
- employers or former employers;
- government and law enforcement agencies or regulators;
- credit reporting bodies and credit providers; and
- entities established to help identify illegal activities and prevent fraud
Under 16s and special needs
If you are under 16 or have special needs, we may share your information with your parent or legal guardian or any person appointed to manage your affairs
Sending information overseas
From time to time we may send your information overseas, to service providers or other third parties who operate or hold data outside Australia. Where we do this, we make sure that appropriate data handling and security arrangements are in place.
We may also send information overseas to complete a particular transaction, such as an International Money Transfer, or where this is required by laws and regulations of Australia or another country.
5. Credit checks and credit reporting
When you apply to us for credit or propose to be a guarantor, we need to know if you’re able to meet repayments under your agreement with us. We also want to avoid giving you further credit if this would put you in financial difficulty. One of our checks involves obtaining a credit report about you.
A credit report contains information about your credit history which helps credit providers assess your credit applications, verify your identity and manage accounts you hold with them. Credit reporting bodies collect and exchange this information with credit providers like us and other service providers such as phone companies.
The Privacy Act limits the information that credit providers can disclose about you to credit reporting bodies, as well as the ways in which credit providers can use credit reports.
What information can we exchange with credit reporting bodies?
The information we can exchange includes your identification details, any applications for credit you have made, any significant default we have notified you of and whether you have committed a serious credit infringement (such as fraud). We also ask credit reporting bodies to provide us with an overall assessment score of your creditworthiness.
Once we move to comprehensive credit reporting, we will also provide credit reporting bodies with what type of loans you have been approved for, how much you’ve borrowed and whether or not you’ve met your loan payment obligations.
We use information from credit reporting bodies to confirm your identity, assess applications for credit, manage our relationship with you and collect overdue payments. We may also use this information as part of arriving at our own internal assessment of your creditworthiness.
We store credit-related information with your other information. You can access credit-related information we hold about you, request us to correct the information and make a complaint to us about your credit-related information.
Other rights you have
Credit providers may ask credit reporting bodies to use their credit-related information to pre-screen you for direct marketing. You can ask a credit reporting body not to do this. Also, if you’ve been, or have reason to believe that you’re likely to become, a victim of fraud (including identity fraud), you can ask the credit reporting body not to use or disclose the credit-related information it holds about you.
6. Keeping your information secure
We keep your hard-copy or electronic records on our premises and systems or offsite using trusted third parties. Our security safeguards include:
|Staff education||We train and remind our staff of their obligations with regard to your information.|
|Taking precautions with overseas transfers and third parties||When we send information overseas or use third parties that handle or store data, we ensure that appropriate data handling and security arrangements are in place|
|System security||When you transact with us on the internet via our website or mobile apps we encrypt data sent from your computer to our systems.
We have firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses accessing our systems.
When we send your electronic data outside the business we use dedicated secure networks or encryption.
We limit access by requiring use of passwords and/or smartcards.
|Building security||We have protection in our buildings against unauthorised access such as alarms, cameras and guards (as required).|
|Destroying data when no longer required||Where practical, we keep information only for as long as required (for example, to meet legal requirements or our internal needs).|
7. Accessing, updating and correcting your information
Can I get access to my information?
You can ask for access to your basic information (for example what transactions you’ve made) by visiting a store, going online or calling us. To obtain a copy of current credit-related information we hold about you, you can visit a store or call us.
Is there a fee?
There is no fee for making the initial request, but in some cases there may be an access charge to cover the time we spend locating, compiling and explaining the information you ask for. Generally, the access charge is a flat fee plus any photocopying costs or other out-of-pocket expenses. You’ll need to make the payment before we start, unless you’ve authorised us to debit your account.
How long does it take to gain access to my information?
We try to make your information available within 30 days of your request. Before we give you the information, we’ll need to confirm your identity
Can you deny or limit my request for access?
In certain circumstances we’re allowed to deny your request, or limit the access we provide. For example, we might not provide you access to commercially sensitive information. Whatever the outcome, we’ll write to you explaining our decision.
Updating your basic information
It’s important that we have your correct details, such as your current address and telephone number. You can check or update your information at any branch, or by going online or phoning us.
Can I correct my information?
You can ask us to correct any inaccurate information we hold or have provided to others (including credit-related information) by contacting us. If the information that is corrected is information we have provided to others, you can ask us to notify them of the correction. We don’t charge a fee for these requests.
If your request relates to credit-related information provided by others, we may need to consult with credit reporting bodies or other credit providers. We’ll try to correct information within 30 days. If we can’t complete the request within 30 days, we’ll let you know the reason for the delay and try to agree a timeframe with you to extend the period. If we’re able to correct your information, we’ll inform you when the process is complete.
If we disagree with you that information should be corrected, we’ll let you know in writing our reasons.
8. Making a privacy complaint
We’re here to help
We accept that sometimes we can get things wrong. If you have a concern about your privacy (including credit-related matters), you have a right to make a complaint and we’ll do everything we can to put matters right.
How do I make a complaint?
To lodge a complaint, please get in touch with us. We’ll review your situation and try to resolve it straight away. If you’ve raised the matter through your point of contact or our customer service teams and it hasn’t been resolved to your satisfaction, please contact us.
How do we handle a complaint?
We acknowledge every complaint we receive and provide our name, a reference number and contact details of the investigating officer. We keep you updated on the progress we’re making towards fixing the problem. Usually, it takes only a few days to resolve a complaint. However, if we’re unable to provide a final response within 45 days (or 90 days for superannuation complaints), we’ll contact you to explain why and discuss a timeframe to resolve the complaint.
Credit-related information complaints
If your complaint is about our practices relating to credit-related information, then we may need to consult with other organisations, including credit reporting bodies or credit providers. We will acknowledge receipt of the complaint within seven days. If we can’t resolve the matter within 30 days, we’ll contact you and explain the reason for the delay, the expected timeframe to resolve the complaint and seek your agreement to extend the period.
If you’re not satisfied with our handling of your matter, you can refer your complaint to external dispute resolution. We suggest you do this only once you’ve first followed our internal complaint processes set out above.
The Credit & Investment Ombudsman (CIO) offers a free and independent dispute resolution service for the Australian banking, insurance and investment industries. CIO will consider privacy disputes if they’re about the provision of credit, the collection of a debt, credit reporting or the banker-customer relationship, or if the privacy issue is part of a broader dispute with us. Please contact CIO at 1800 138 422, online at www.cio.org.au or write to
Credit and Investments Ombudsman
Reply Paid 252
South Sydney NSW 1234
If your complaint is about the way we handle your personal information, you may also contact the Office of the Australian Information Commissioner by calling them at 1300 363 992, online at www.oaic.gov.au or writing to the Office of the Australian Information Commissioner, GPO Box 5218 Sydney NSW 2001.