We are bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) (Privacy Act). We are also bound by Division 3 of Part IIIA of the Privacy Act, which regulates the handling of credit information, credit eligibility information and related information by credit providers.
1. Key types of information
"Personal information" means information or an opinion about an individual who is identified, or who can reasonably be identified, from the information. Although we try to make sure that all information we hold is accurate, "personal information" also includes any inaccurate information about the individual.
"Credit eligibility information" means information that has been obtained from a credit reporting body, or that has been derived from that information, that is about an individual's credit worthiness.
"Credit information" means personal information that includes the following:
- information about an individual, like their name and address, that we may use to identify that individual
- information about an individual's current or terminated consumer credit accounts and, from 12 March 2014, an individual's repayment history
- the type and amount of credit applied for in any previous consumer or commercial credit applications to any credit provider, where that credit provider has requested information
- information about an individual from a credit reporting body
- information about consumer credit payments overdue for at least 60 days and for which collection action has started
- advice that payments that were previously notified to a credit reporting body as overdue are no longer overdue
- information about new credit arrangements an individual may have made with a credit provider, in relation to consumer credit currently or previously held, to deal with any defaults or serious credit infringements by that individual
- information about court judgments which relate to credit that an individual has obtained or applied for
- information about an individual on the National Personal Insolvency Index
- publicly available information about an individual's credit worthiness, and
- an opinion of a credit provider that an individual has committed a serious credit infringement of credit provided by that credit provider.
"Credit-related information" means credit information, credit eligibility information and related information.
We will only collect personal information (including credit information) directly from you, unless you have provided your consent. This information will generally come from what you provide in your application for one of our products or services and supporting documentation.
We only ask for personal information relevant to our business relationship with a customer. When you first apply to become a customer, or apply for one of our products or services, we may request:
- identifying information, like your name, address and other contact details and your date of birth
- information about your financial position, like your income, expenses, savings and assets and any (other) credit arrangements
- your employment details
- your tax file number, and
- your reasons for applying for a product or service.
We may also need to collect personal information (including credit-related information) about you from third parties. For example, when assessing an application for credit from you we may collect personal information from your employer, other credit providers and third party service providers including credit reporting bodies. Credit reporting bodies collect credit information about individuals which they provide as credit reports to credit providers and others in the credit industry to assist them in managing credit risk, collecting debts and other activities. From 12 March 2014, you can also ask a credit reporting body, through contact details on their website, not to use or disclose your personal information if you believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud.
Some information is created through our internal processes, like credit eligibility scoring information.
We may use your personal information (including credit-related information) for the purpose of providing products and services to you and managing our business. This may vary depending on which products and services you have applied for and which member of the Beyond Bank Group of companies you are dealing with. This may include:
- assessing and processing your application for the products and services we offer
- executing your instructions
- ongoing servicing of our relationship with you
- charging and billing
- uses required or authorised by law
- protecting you and us from error or fraud
- research and development
- collecting overdue payments due under our credit products
- managing our rights and obligations regarding external payment systems, or
- direct marketing.
We do not use or disclose your personal information (including credit-related information) for a purpose other than:
- a purpose you would reasonably expect
- a purpose required or permitted by law, or
- a purpose otherwise disclosed to you to which you have consented.
We may disclose your personal information (including credit-related information) to other organisations that provide services that assist us in supplying or administering the products and services we offer.
Organisations we will usually disclose your personal information to include:
- our related companies
- external organisations that are our assignees, agents or contractors
- external service providers to us, such as
- those we use to verify your identity
- payment systems operators
- our computer bureau (Data Acton Pty Ltd)
- printing and mailing houses
- fraud prevention service providers, and
- research consultants
- our professional advisors, such as accountants, lawyers and auditors
- your representative, for example, lawyer, mortgage broker, financial advisor or attorney, as authorised by you.
Organisations we may disclose your personal information to include:
- insurers and re-insurers, where insurance is provided in connection with our services to you
- superannuation funds, where superannuation services are provided to you
- loyalty and affinity program partners
- those involved in a transfer of all or part of our assets or business
- other financial institutions, for example, when you apply for a loan from another credit provider and you agree to us providing information
- credit reporting bodies, including disclosing that you are in default under a credit agreement or commit a serious credit infringement, if that is the case
- lenders' mortgage insurers, where relevant to credit we have provided
- debt collecting agencies, if you have not repaid a loan as required
- state or territory authorities, or PEXA (the national electronic property exchange), that give assistance to facilitate the provision of home loans to individuals
- certain entities that have bought or otherwise obtained an interest in your credit product, or that are considering doing so, and their professional advisors
- if required or authorised by law, to government and regulatory authorities (e.g. the Australian Taxation Office; disclosure to the Courts under subpoena; and disclosure to our auditors, and regulators such as APRA, ASIC and AUSTRAC),
- if in the public interest to do so (e.g. if a crime, fraud, or misdeed is committed or is suspected, disclosure to a law enforcement body may be justified);
- if in our interest (e.g. disclosure to a Court in the event of legal action to which we are a party); or
- where you have provided your consent.
However, we will not sell any of your personal information to any other organisation.
We will take reasonable steps to ensure that these organisations are bound by sufficient confidentiality and privacy obligations with respect to the protection of your personal information.
Disclosure outside of Australia:
From time to time we may use service providers or other third parties who operate or hold data oustide of Australia, which may result in your personal information being stored overseas. These parties are selected specifically to assist in enabling us to provide products or services to you, in particular information technology solutions. At present our arrangements include providers based in the United States of America. Where this occurs we will ensure that appropriate data handling and security arrangements are in place to protect your data.
5. Sensitive information
Where it is necessary to do so, we may collect personal information about you that is sensitive. Sensitive information includes information about an individual's health, and membership of a professional or trade association.
Unless we are required or permitted by law to collect that information, we will obtain your consent. However, if the information relates directly to your ability to meet financial obligations that you owe to us, you are treated as having consented to its collection.
6. Refusal of credit applications
We may refuse an application for consumer credit made by you individually or with other applicants. Our refusal may be based on credit eligibility information obtained from a credit reporting body about you, another applicant or another person proposed as guarantor. In that case, we will give you written notice that the application has been refused on the basis of that information. We will tell you the name and contact details of the relevant credit reporting body and other relevant information.
We take all reasonable steps to ensure that your personal information (including credit-related information), held on our website or otherwise, is protected from:
- misuse, interference and loss, and
- unauthorised access, disclosure or modification.
We ask you to keep your passwords and personal identification numbers safe, in accordance with our suggestions.
When we no longer require your personal information (including when we are no longer required by law to keep records relating to you), we take reasonable steps to ensure that it is destroyed or de-identified.
When you browse our website or mobile app services you will do so anonymously. Personal information, such as your name, address, telephone number or email address, is not collected. We use ‘cookies’ to collect information about how our website is used. ‘Cookies’ give users a unique, random ID by storing small text files onto a user’s computer with their web browser. They enable a website to track a user’s activities.
You may change the settings on your browser to reject cookies, however doing so might prevent you from accessing the secured pages of our website and that of other websites.
Our website and mobile app offers a number of interactive facilities including tools such as calculators, as well as online surveys, communication and application forms.
If you visit an unsecure area of the website (that is, an area where you are not required to log on) to read, browse or download information, our system will record the date and time of your visit to our site, the pages viewed and any information downloaded. However, our systems will not record any personally identifiable information.
If you use any of the tools such as our calculators we generally do not capture any personally identifiable information that you may enter when using these tools. However we may aggregate this information to provide us with insights on how to provide better services to you.
Instances where we will retain your personal details:-
- When a tool or application allows you to suspend or save your progress and retrieve the details at a later time such, for example our Car Loan, Personal Loan and Home Loan applications. In this case the information is stored on our systems so that you may resume your application, or your application may be retrieved by us.
- In the instance of where you use our live chat on our website or mobile app we will store for a period of time the email address provided for the purposes of chat and chat history which can be retrieved by us.
- If you decide to complete an online application form or online survey, the information that you enter into the online form or survey will be collected by us once you submit your online application or survey.
When we receive emails, we will retain the content of the email and our response to you where we consider it necessary to do so.
Your email address will only be used or disclosed for the purpose for which it was provided. It will not be added to any mailing lists or used for any other purpose without your consent.
Email itself is an unsecure medium, therefore when emailing Beyond Bank direct, you should be aware that when in transmission, the data may visible while in transit. When advising Beyond Bank of sensitive information, secure options should be used such as Internet Banking, Secure Inbox & our website.
Our security practices
We are committed to providing safe mobile banking services. All use of our mobile banking application and transactions through the mobile app are encrypted. Encryption protects personal information you send when you fill in application forms online. Only authorised Beyond Bank employees or agents can gain access to this information.
Banking transaction and balance alerts can be established via our mobile banking app. These alerts can only be established by you the customer and the secure detail of the alert can only be viewed when you are logged into mobile banking. Your smartphone will however receive push notifications from our systems through its operating systems notification facility indicating to you that an alert has been produced and is ready to be viewed through mobile banking. These push notifications will not present information that is deemed to be private and secure.
Location based services
We use your current location to determine the closest bank branch, ATM, access point or other services that we consider may be of benefit to you, when you allow us to do so via a setting on your smartphone. This information is only used while determining the standard bank services closest to you and we do not store this information. This service is provided via a link to a third party – Google.
We recognise your concern for security, and will use reasonable efforts to establish secure connections with you and to limit access to databases containing personal information to authorised personnel only. When we capture your personal information it is passed through our secure server using SSL and/or TLS encryption technology to ensure it is protected when transmitted over the internet. However, we cannot guarantee that any information transmitted via the internet by us, or you, is entirely secure.
Your information will be processed using the Web Site Trust Services provided by Digicert. For more information see www.digicert.com
Links on our website
Where you access a third party website from our website, cookie information about your preferences or other information you have provided about yourself may be shared between us and the third party. You cannot usually be identified from the information that is shared; if you can be identified from this information, we will seek your consent before sharing such information.
Advertising and Tracking
We use DoubleClick TM (http://www.google.com.au/doubleclick/) to deliver its online advertising where banner advertisements are placed on Third Party websites ('Advertising Company').
When you view a Beyond Bank Australia advertisement on a third party website, the ‘advertising company’ uses 'cookies' to collect information such as:
- The server your computer is logged onto;
- Your browser type;
- Your device type:
- The date and time of your visit; and
- The performance of their marketing efforts.
When you click on a Beyond Bank Australia advertisement, that appears on another website, the advertising company will collect information on how you utilise our website (e.g. which pages of our website you view) and whether you complete an online application.
In addition, we also use the following companies to collect information on how you use our website:
- Google analytics and Google Tag Manager– ('tracking companies').
- Crazy Egg
The advertising company and tracking companies ('companies') use that information to perform statistical analyses of aggregate user behaviour, but those analyses are not based on personal information. We use those analyses to measure advertising effectiveness and relative consumer interest in the various areas of our website. As a general rule, no personal information is collected by the companies in this process. If, however, any information is automatically collected, these companies are required under their arrangements with us to maintain the privacy and confidentiality of that personal information.
We use Optimizely to test changes to the design or format of website pages. It allows us to constantly test and improve our website based on visitor responses. The software does not collect personal information but uses a unique identifier assigned by the Beyond Bank cookie.
We may disclose the information collected by a company, in an aggregate form only, to third parties including advertisers or potential advertisers.
You can access the Privacy Statements from the Companies here:
- Google analytics (http://www.google.com/analytics/ )
- Tag Manager ( http://www.google.com/tagmanager/)
- Crazy Egg (https://www.crazyegg.com/privacy)
- Optimizely (https://www.optimizely.com/privacy)
More Than Money website
We will respond to your request for access within a reasonable time. If we refuse to give you access to any of your personal information, we will provide you with reasons for the refusal and the relevant provisions of the Privacy Act that we rely on to refuse access. You can contact our Privacy Officer if you would like to challenge our decision to refuse access.
We may recover the reasonable costs of our response to a request for access to personal information.
We may use your personal information, including your contact details, to provide you with information about products and services, including those of third parties, which we consider may be of interest to you. We are permitted to do this while you are our customer, and even if you are on the Do Not Call Register.
We may also provide your details to other organisations for specific marketing purposes.
We will consider that you consent to this, unless you opt out. You may opt out at any time if you no longer wish to receive marketing information or do not wish to receive marketing information through a particular channel, like email. In order to do so, you will need to request that we no longer send marketing materials to you or disclose your information to other organisations for marketing purposes. You can make this request by contacting us at any time, or by 'unsubscribing' from our email marketing messages, which always include an unsubscribe option.
To help us reach the right people with direct marketing for our credit products or services, we may ask a credit reporting body to "pre-screen" a list of potential recipients of our direct marketing against our eligibility criteria to remove recipients that do not meet those criteria. From 12 March 2014, the credit reporting body cannot use information about your existing loans or repayment history in carrying out its pre-screening and it must destroy its pre-screening assessment once it has given us, or a contractor acting on our behalf, the list of eligible recipients. From 12 March 2014, if you do not want your credit information used for pre-screening by a credit reporting body that holds credit information about you, you can opt-out by informing that credit reporting body. The credit reporting body we use is Veda Advantage, whose contact details are available on their website (www.veda.com.au).
13. Questions and complaints
Once a complaint has been lodged, the Privacy Officer will respond to you as soon as possible. We will aim to deal with your complaint at the source of your complaint
If you are still not satisfied, you can contact external bodies that deal with privacy complaints. These are Financial Ombudsman Scheme which is our external dispute resolution scheme, the Federal Privacy Commissioner or, in the case of insurance-related privacy complaints, the Australian Prudential Regulation Authority. Any of these bodies may forward your complaint to another external dispute resolution body if it considers the complaint would be better handled by that other body.
Financial Ombudsman Service Post: GPO Box 3, Melbourne VIC 3001 Telephone: 1800 367 287 Website: www.fos.org.au
Federal Privacy Commissioner Post: GPO Box 5218 Sydney NSW 2001 Telephone: 1300 363 992 Website: www.oaic.gov.au
Australian Prudential Regulation Authority Post: GPO Box 9836, Sydney NSW 2001 Telephone: 1300 55 88 49 Website: www.apra.gov.au
14. Privacy Officer
Our Privacy Officer's contact details are:
Beyond Bank Australia
GPO Box 1430 Adelaide SA 5001
In the first instance all privacy queries or complaints are handled by our Customer Advocate Officer
Address: GPO Box 1430, Adelaide SA 5001
Telephone: 13 25 85