The obligations of this policy:
1. Our commitment
The protection of your privacy and maintaining confidentiality of your personal information is considered to be of the utmost importance and we take very seriously the ongoing trust that you place in us to protect your personal information.
In handling your personal information, we are bound by, and committed to complying with, the Privacy Act 1988 (Commonwealth), the National Privacy Principles set out in the Privacy Act 1988, applicable Codes of Practice and any other laws and codes regulating the collection, use, storage or disclosure of your personal information. We have a general duty to keep confidential all personal information we hold about you, including your name, date of birth, address, financial data, and details of transactions on your accounts.
- how we collect your personal information, and why we collect it;
- how we use your personal information;
- the need for us to provide your personal information to selected third parties to enable us to provide you with the products and/or services you request;
- the steps we take to protect and keep secure the personal information we hold about you; and
- how you may access the personal information that we hold and the steps you may take if you believe that the personal information is not accurate.
2. Privacy Act
The national privacy scheme is a legislative framework of privacy laws for the Australian private sector. It is designed to give appropriate privacy protection to individuals when private sector organisations seek to collect, use, store, disclose, correct or transfer their personal information.
The legislative framework for the Scheme comprises three tiers:
- New provisions in the Privacy Act 1988 (Commonwealth) introduced by the Privacy Amendment (Private Sector) Act 2000. These have the force of law.
- The National Privacy Principles contained in Schedule 3 of the Privacy Act 1988 (Commonwealth). These have the force of law but are worded in general terms.
- The federal Privacy Commissioner has powers under section 27(1)(e) of the Privacy Act 1988 (Commonwealth) to make guidelines to help organisations avoid breaching the Privacy Act 1988 (Commonwealth). Guidelines made under this power are advisory and so are not directly legally binding.
3. How we collect your personal information, and why we collect it
We collect most personal information about you directly from you. For example, we may collect your personal information when you become a customer, complete an application form for one of our many products or services, deal with us over the phone, send us a letter, visit our website, or have contact with us in person.
There may be occasions when we need to obtain your personal information from a third party. An example would be collecting personal information from a credit reporting agency if you apply for a loan or credit facility.
Initially, we collect your personal information to enable you to become a customer of Beyond Bank. It is then used to enable us to provide you with the products and services that you apply for, or use.
We also collect your personal information so that we can provide you with information about our products and services (marketing information), unless you tell us you do not wish to receive it (refer to section 7 below). We may also collect your personal information to enable us to conduct research to identify the products, services and community programs that you would like us to provide.
We only collect your personal information if a) it is necessary to enable us to provide you with the products or services that you have requested or b) you have provided your consent. The types of personal information collected may include your:
- contact details such as telephone and mobile phone numbers and email address;
- current residential and postal address;
- current and past employers;
- annual income and other financial details; and
- date of birth.
4. We will use your personal information for the primary purpose for which it was collected and only for related secondary purposes
When we collect your personal information we will use it for the primary purpose for which it was collected. The primary purpose will generally be apparent at the time the personal information is collected. For example, when completing an application form for a new product or service the primary purpose for collecting your personal information is to enable us to provide you with the product or service you are applying for. If you are unsure why we are collecting your personal information, please ask us and we will tell you.
We may also use your personal information for a related secondary purpose. This is permitted under National Privacy Principle 2 and may include:
- internal accounting and administration;
- regulatory reporting and compliance;
- ongoing servicing of our relationship with you; and
- protecting you and us from error and fraud.
5. Providing personal information to third parties
Sometimes we may need to give some of your personal information to organisations that assist us in supplying, or in administering, our products and services to you, and assist us in giving you the information that you are entitled to as a customer. Examples of such organisations are:
- our related entities (e.g. Eastwoods Wealth Management Pty Ltd ABN 17 008 167 002 AFSL 237853 and Eastwoods Accounting and Taxation Pty Ltd ABN 32 008 214 033);
- Cuscal Ltd and its subsidiaries;
- Data Action Pty Ltd (our computer bureau);
- printing and mailing houses;
- fraud prevention service providers;
- electronic identification verification service providers;
- issuers of third party products with whom we have an alliance (e.g. Allianz Insurance);
- loyalty and affinity program partners;
- those involved in market and other research;
- those involved in securitisation arrangements;
- those involved in a transfer of all or part of the assets or business of the Group;
- insurers (e.g. lenders mortgage insurers);
- legal advisors;
- conveyancers; and
- organisations where you have provided your consent.
These organisations may only use your information to the extent necessary to provide the services we require. We may also exchange your personal information with affiliated product and service providers and external product and service providers for whom we act as an agent or referrer (so that they may provide you with the product or service you have requested, or in which you have expressed interest, or which you may find of interest). Examples of such organisations are insurance companies, travel companies, credit card companies and other financial services organisations.
Whilst we abide by our general duty of confidentiality, we may disclose your personal information if that disclosure is:
5.1 Required to comply with our legal obligations
This includes disclosure to various government departments and agencies (e.g. the Australian Taxation Office); disclosure to the Courts under subpoena; and disclosure to our auditors, and regulators such as APRA, ASIC and AUSTRAC.
5.2 In the public interest
If a crime, fraud, or misdeed is committed or is suspected, disclosure may be justified.
5.3 In our interest
This may include disclosure to a Court in the event of legal action to which we are a party; or necessary disclosure in connection with the sale of selected loans by us to a third party (securitisation). We will not sell any of your personal information to any other organisation.
6. Use of identifiers
In certain circumstances we may be required to collect government identifiers such as tax file numbers (TFNs), Medicare numbers, pension numbers, or any other Commonwealth, State or Territory government agency identifiers. This information is usually collected as part of our identification process when you become a customer. We will only use or disclose this information for verification or re-verification purposes, or for purposes required by law, such as disclosing customers’ TFNs to the Australian Taxation Office.
7. Consent for us to obtain and/or disclose personal information
We will only use your personal information for a purpose other than the primary purpose for which it was collected, or a related secondary purpose, with your consent.
In some circumstances your consent will be express. For example, when you complete a loan application, you are invited to give your express consent for us to obtain a credit reference about you from a credit reporting agency. Express consent is often given in writing, but it may be given orally.
In some circumstances, your consent may be implied by your conduct. For example, you may be invited to contact us if you do not wish us to use personal information for a particular purpose, and your consent to that use may be implied if you do not contact us.
If you do not provide us with consent to collect, use, store or disclose your personal information, under certain circumstances we may not be able to provide you with some of our products and/or services.
We will comply with the credit reporting provisions of Part IIIA of the Privacy Act 1988 (Commonwealth). If that Part prohibits the collection, use or disclosure of information about you without your express consent, we will not collect, use or disclose that information unless and until your express consent has been obtained.
8. Marketing information
We may use your personal information, such as your name and address, to provide you with information about the other products and services that are available from us, from our related entities, and from other businesses with which we or our related entities have relationships. We may also use your personal information to invite you to participate in research which will assist us in offering products and services that suit your financial needs.
You can opt out of receiving any direct marketing information at the time you become a customer of Beyond Bank or at any other time by notifying us that you do not wish to receive any marketing material. Additionally, in any direct marketing material that we send to you, we will advise you that you can opt out of receiving any more direct marketing material. We will not send any direct marketing material to you if you have notified us that you do not wish to receive such material.
9. Keeping your personal information accurate, complete and up to date
Our ability to provide you with the best possible level of service is dependent on us having accurate personal information about you.
We will take all reasonable steps to ensure that your personal information is accurate, complete, and up to date whenever we collect or use it, or are required to disclose it.
If we become aware that the personal information we hold in our records is inaccurate or incomplete, either because you have contacted us or otherwise, we will correct it as soon as practicable. If you disagree with us about whether your personal information is accurate, complete or up to date, you have the right to request that a statement be attached to your personal information claiming that the information is inaccurate, incomplete or out of date.
10. Storage of customers’ personal information
We will take reasonable measures to protect all personal information that we hold from misuse, loss, unauthorised access, modification or disclosure.
Only authorised users may access your personal information, and access is only for approved purposes.
Your personal information may be stored as hardcopy documents or as electronic data.
We maintain physical security over our paper and electronic data stores by using locks and security systems and other measures deemed appropriate. We also maintain computer and network security that includes such measures as firewalls (Internet security measures), data encryption and passwords to control access to our computer systems.
We have a documented data risk management system to help maintain the security and integrity of both customer and corporate information.
We also maintain a records retention policy, which specifies that information no longer required be destroyed in a confidential manner. We use a specialist third party document storage organisation to securely store certain hard copy documents until their retention date expires, after which they are confidentially destroyed.
In addition, all employees sign a confidentiality agreement as a condition of their employment.
11. Website security and privacy
The use of the Internet allows us to provide banking and financial services that you can access whenever it is convenient to you from wherever you have Internet access.
We appreciate that you may have concerns about the confidentiality and security of the personal information that we may collect about you online. In recognition of your possible concerns, we have implemented systems to ensure that our online dealings with you are as secure and confidential as your dealings with us in person, or on the telephone. These measures include only collecting personal information from you, or disclosing personal information to you, through secure channels, such as our secure messaging service within Internet banking.
12. Dealing with us anonymously
In most situations, you will be required to provide us with your personal information because this information is required in order for us to provide products and services to you.
However, we will deal with you anonymously where it is lawful and practical to do so. For example, if you have a general inquiry about one of our products or services such as our interest rates, you will not need to provide us with personal information.
13. Your rights to access your personal information and how to contact us
We will, upon request, provide you with access to the personal information we hold about you, except to the extent that:
a) in the case of personal information other than health information – providing access would pose a serious and imminent threat to the life or health of any individual; or
b) in the case of health information – providing access would pose a serious threat to the life or health of any individual; or
c) providing access would have an unreasonable impact upon the privacy of other individuals; or
d) the request for access is frivolous or vexatious; or
e) the information relates to existing or anticipated legal proceedings between us and you, and the information would not be accessible by the process of discovery in those proceedings; or
f) providing access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations; or
g) providing access would be unlawful; or
h) denying access is required or authorised by or under law; or
i) providing access would be likely to prejudice an investigation of possible unlawful activity; or
j) providing access would be likely to prejudice:
i. the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law; or
ii. the enforcement of laws relating to the confiscation of the proceeds of crime; or
iii. the protection of the public revenue; or
iv. the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct; or
v. the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of its orders;
by or on behalf of an enforcement body; or
k) an enforcement body performing a lawful security function asks us not to provide access to the information on the basis that providing access would be likely to cause damage to the security of Australia.
If we are not required to provide you with access to your personal information, we will:
a) if reasonable, consider whether the use of a mutually agreed intermediary is appropriate; and
b) advise you of the reasons for denial of access.
We may recover reasonable costs from you for supplying you with access to your personal information. To facilitate the provision of information, we will request that you identify, as clearly as possible, the information you require.
We will respond to your request as soon as is reasonably practicable, taking into account the age, nature and amount of information requested.
To contact us about privacy issues, you can speak to a consultant at your nearest branch, phone us on 13 25 85, email us at firstname.lastname@example.org or write to the Customer Advocate at our mailing address.