The types of information that we collect and hold about you could include:
We may collect information about you because we are required or authorised by law to collect it. There are laws that affect financial institutions, including company and tax law, which require us to collect personal information. For example, we require personal information to verify your identity under Commonwealth Anti-Money Laundering law.
If you use the internet to access or transact with us or on an account with us, we monitor your use of our websites, to ensure we can verify you and you can receive information from us, and to identify ways we can improve our services for you.
To improve our services and products, we sometimes collect de-identified information from web users. That information could include IP addresses or geographical information.
We understand that your personal information needs to be looked after and isn’t something you leave lying around for just anybody to take. So unless it’s unreasonable or impracticable, we will try to collect personal information directly from you (referred to as ‘solicited information’). For this reason, it’s important that you help us to do this and keep your contact details up-to-date.
There are many ways we seek information from you. We might collect your information when you fill out a form with us, when you’ve given us a call or used our websites. We also find using electronic means, such as email or SMS, a convenient way to communicate with you and to verify your details.
Sometimes we collect information about you from other sources. We do this only if it’s necessary to do so. Instances of when we may need to include where:
If you don’t provide your personal information to us, we may not be able to:
People often share information with us we haven’t sought out (referred to as ‘unsolicited information’). Where we receive unsolicited personal information about you, we will check whether that information is reasonably necessary for our functions or activities. If it is, we’ll handle this information the same way we do with other information we seek from you. If not, we’ll ensure we do the right thing and destroy or de-identify it.
When we receive personal information from you directly, we’ll take reasonable steps to notify you how and why we collected your information, who we may disclose it to and outline how you can access it, seek correction of it or make a complaint.
Sometimes we collect your personal information from third parties. You may not be aware that we have done so. If we collect information that can be used to identify you, we will take reasonable steps to notify you of that collection.
We store information in different ways, including in paper and electronic form. The security of your personal information is important to us and we take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. Some of the ways we do this are:
We can store personal information physically or electronically with third party data storage providers. Where we do this, we use contractual arrangements to ensure those providers take appropriate measures to protect that information and restrict the uses to which they can put that information.
We’ll only keep your information for as long as we require it for our purposes. We’re also required to keep some of your information for certain periods of time under law, such as the Corporations Act, the Anti-Money Laundering & Counter-Terrorism Financing Act, and the Financial Transaction Reports Act for example. When we no longer require your information, we’ll ensure that your information is destroyed or de-identified.
What are the main reasons we collect, hold and use your information? Because we offer a range of services and products, collecting your personal information allows us to provide you with the products and services you’ve asked for. This means we can use your information to:
We may use or disclose your personal information to let you know about products and services from across the Group that might better serve your needs.
We may conduct these marketing activities via email, telephone, SMS, iM, mail, or any other electronic means. We may also market our products to you through third party channels (such as social networking sites), or based on your use of Group programs. We will always let you know that you can opt out from receiving our third party or Group program marketing offers.
Where we market to prospective customers, we are happy to let them know how we obtained their information and will provide easy to follow opt-outs.
With your consent, we may disclose your personal information to third parties such as brokers or agents, or for the purpose of connecting you with other businesses or customers. You can ask us not to do this at any time. We won’t sell your personal information to any organisation outside of the Group.
You can let us know at any time if you no longer wish to receive direct marketing offers from the Group (see ‘Contact Us’). We will process your request as soon as practicable.
We’ve just told you some of the main reasons why we collect your information, so here’s some more insight into the ways we use your personal information including:
To make sure we can meet your specific needs and for the purposes described in ‘How we use your personal information’, we sometimes need to share your personal information with others. We may share your information with other organisations for any purposes for which we use your information.
We may share your personal information with other Group members. This could depend on the product or service you have applied for and the Group member you are dealing with.
We may need to share your personal information with:
We may disclose your personal information to third parties outside of the Group, including:
We run our business in Australia and overseas. We may need to share some of your information with organisations outside Australia. Sometimes, we may need to ask you before this happens. Our current list of overseas countries is: New Zealand, The Philippines, United Kingdom, United States.
We may store your information in a cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held. If your information is stored in this way, disclosures may occur in countries other than those listed.
Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.
We‘ll always give you access to your personal information unless there are certain legal reasons why we can’t. You can ask us to access your personal information that we hold by filling out the Personal Information Access form.
We will give you access to your information in the form you want it where it’s reasonable and practical. We may charge you a small fee to cover our costs when giving you access, but we’ll always check with you first. You can find the schedule of fees explained on the Access form.
We’re not always required to give you access to your personal information. Some of the situations where we don’t have to give you access include when:
If we can’t provide your information in the way you’ve requested, we will tell you why in writing. If you have concerns, you can complain by using the ‘Contact’ link below.
Contact us if you think there is something wrong with the information we hold about you and we’ll try to correct it if it’s:
If you are worried that we have given incorrect information to others, you can ask us to tell them about the correction. We’ll try and help where we can – if we can’t, then we’ll let you know in writing.
Whether we made the mistake or someone else made it, we are required to help you ask for the information to be corrected. So we can do this, we might need to talk to others. However, the most efficient way for you to make a correction request is to send it to the organisation which made the mistake.
If we’re able to correct the information, we’ll let you know within five business days of deciding to do this. We’ll also let the relevant third parties know as well as any others you tell us about. If there are any instances where we can’t do this, then we’ll let you know in writing.
If we’re unable to correct your information, we’ll explain why in writing within five business days of making this decision. If you have any concerns, you can access our external dispute resolution scheme or make a complaint to the Office of the Australian Information Commissioner.
If we agree to correct your information, we’ll do so within 30 days from when you asked us, or a longer period that’s been agreed by you.
If we can’t make corrections within a 30 day time frame or the agreed time frame, we must:
If you have a complaint about how we handle your personal information, we want to hear from you. You are always welcome to contact us.
You can contact us by using the ‘Contact’ link below. We are committed to resolving your complaint and doing the right thing by our customers. Most complaints are resolved quickly, and you should hear from us within ten business days.
If you still feel your issue hasn’t been resolved to your satisfaction, then you can raise your concern with the Office of the Australian Information Commissioner:
If we can’t fix things within 30 days, we’ll let you know why and how long we think it will take. We will also ask you for an extension of time to fix the matter. If you have any concerns, you may complain to our external dispute resolution scheme or the Office of the Australian Information Commissioner.
We’ll let you know about our decision within 30 days or any longer agreed time frame. If you have any concerns, you may complain to our external dispute resolution scheme or the Office of the Australian Information Commissioner.
What if you want to interact with us anonymously or use a pseudonym? If you have general enquiry type questions, you can choose to do this anonymously or use a pseudonym. We might not always be able to interact with you this way as we are often governed by strict regulations that require us to know who we’re dealing with. In general, we won’t be able to deal with you anonymously or where you are using a pseudonym when:
In certain circumstances we may be required to collect government-related identifiers such as your tax file number. We will not use or disclose this information unless we are authorised by law.
This Policy may change. We will let you know of any changes to this Policy by posting a notification on our website. Any information collected after an amended privacy statement has been posted on the site, will be subject to that amended privacy statement.