At Beyond Bank, we take your privacy very seriously.
We understand the importance of protecting your privacy and are committed to the Privacy Act 1988 (Commonwealth) and the Australian Privacy Principles.
We only collect, use or store your personal information in accordance with the requirements of privacy laws, and our policies and procedures.
1 Key types of information
"Personal information" means information or an opinion about you, (if you are an individual), where you can be identified, or can reasonably be identified, from that information. Although we try to make sure that all information we hold about you is accurate, "personal information" also includes any inaccurate information about you.
"Credit eligibility information" means information that has been obtained from a credit reporting body, or that has been derived from that information, that is about your credit worthiness (if you are an individual).
"Credit information" means personal information that includes the following:
- information, such as your name and address, that we may use to identify you;
- information about your current or terminated consumer credit accounts including repayment history;
- the type and amount of credit you have applied for in any previous consumer or commercial credit applications to any credit provider (eg bank or non-bank lender), where that credit provider has requested information;
- information about you from a credit reporting body;
- information about any consumer credit payments overdue for at least 60 days where the overdue amount is $150 or more and collection action has started;
- advice that payments that were previously notified to a credit reporting body as overdue are no longer overdue;
- information about new credit arrangements you may have made with a credit provider, in relation to consumer credit currently or previously held, to deal with any of your defaults or serious credit infringements;
- information about court judgments which relate to credit that you have obtained or applied for;
- information about you on the National Personal Insolvency Index;
- publicly available information about your credit worthiness; and
- an opinion of a credit provider that you have committed a serious credit infringement of credit provided by that credit provider.
We may not hold all of this type of information about you. However, if we hold any of this type of information, it is protected as "credit information" under the Privacy Act.
"Credit-related information" means credit information, credit eligibility information and related information.
We will only collect your personal information (including credit information) directly from you, unless you have provided your consent. We generally collect your personal information from your application for one of our products or services, and from supporting documentation.
We will only ask for personal information relevant to our business relationship with you. When you first apply to become a customer, or apply for one of our products or services, we may request:
- information such as your name, address, date of birth and contact details to so we can identify and contact you;
- your tax file number;
- for credit products (eg credit card, loan), information about your financial position such as your income, expenses, assets and liabilities, employment details, and any (other) credit arrangements; and
- your reasons for applying for a product or service.
We may also need to collect personal information (including credit-related information) about you from third parties. For example, when assessing an application for credit from you, we may collect personal information from your employer, other credit providers and third party service providers including credit reporting bodies. Credit reporting bodies collect credit information about individuals which they provide as credit reports to credit providers and others in the credit industry to assist them in managing credit risk, collecting debts and other activities. You can ask a credit reporting body, through contact details on their website, not to use or disclose your personal information if you believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud.
If you do not provide us with the personal information that we request, we may not be able to consider your application for credit or provide other products and services.
3 Laws under which we are required to collect your personal information
The Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No 1) (Cth) requires that we collect certain information from you prior to admitting you as a customer. For example, if you are opening a membership as an individual, we are required to collect your full name, date of birth and current residential address. We are also required to verify this information using a reliable and independent source. Different information is required to be collected and verified if you are opening a membership in a capacity other than as an individual (eg a company).
The National Consumer Credit Protection Act 2009 (Cth) requires that we collect personal information from you when you are applying for credit from us. We are required to collect the information about your credit requirements, objectives and financial situation. We are also required to collect the necessary information to verify your financial situation, which includes verifying your income and employment details.
We may use your personal information (including credit-related information) for the purpose of providing products and services to you and managing our business. This may vary depending on which products and services you have applied for and which member of the Group you are dealing with. This may include:
- assessing and processing your application for our products and services;
- executing your instructions;
- ongoing servicing of our relationship with you;
- uses required or authorised by law;
- protecting you and us from error or fraud;
- research and development;
- collecting overdue payments due under our credit products;
- managing our rights and obligations regarding external payment systems; or
- direct marketing.
We do not use or disclose your personal information (including credit-related information) for a purpose other than one:
- you would reasonably expect;
- required or permitted by law; or
- otherwise disclosed to you to which you have consented.
We may disclose your personal information (including credit-related information) to other organisations that provide services that assist us in supplying or administering the products and services we offer.
Organisations to which we will usually disclose your personal information include:
- our related companies;
- external organisations that are our assignees, agents or contractors;
- external service providers to us, such as:
- those we use to verify your identity;
- those we use to provide you with our products and services, including those for whom we act as an agent;
- administration service platforms;
- fund managers;
- payment systems operators;
- information technology service providers;
- printing and mailing houses;
- fraud prevention service providers; and
- research consultants;
- our professional advisors, such as accountants, lawyers and auditors; and
- your representative, for example, lawyer, conveyancer, mortgage broker, financial advisor, accountant, stockbroker or attorney, as authorised by you.
Organisations to which we may disclose your personal information include:
- insurers and re-insurers, where insurance is provided in connection with our services to you;
- superannuation funds, where superannuation services are provided to you;
- loyalty and affinity program partners;
- those involved in a transfer of all or part of our assets or business;
- other financial institutions, for example, if you ask us to process a payment or funds transfer to an account at another financial institution;
- credit reporting bodies, including disclosing that you are in default under a credit agreement or commit a serious credit infringement, if that is the case;
- lenders' mortgage insurers, where relevant to credit we have provided;
- debt collecting agencies, if you have not repaid a loan as required;
- state or territory authorities, or PEXA (the national electronic property exchange), that give assistance to facilitate the provision of home loans to individuals;
- certain entities that have bought or otherwise obtained an interest in your credit product, or that are considering doing so, and their professional advisors;
- if required or authorised by law, government and regulatory authorities (eg the Australian Taxation Office, the Courts under subpoena, our auditors, and regulators such as APRA, ASIC and AUSTRAC); and
- other organisations for which you have provided your consent.
We may also disclose your information:
- if in the public interest to do so (eg if a crime, fraud, or misdeed is committed or is suspected, disclosure to a law enforcement body may be justified); or
- if in our interest to do so (eg disclosure to a Court in the event of legal action to which we are a party).
However, we will never sell any of your personal information to any other organisation.
We will take reasonable steps to ensure that these organisations are bound by sufficient confidentiality and privacy obligations with respect to the protection of your personal information.
5.1 Disclosure outside of Australia
From time to time we may use service providers or other third parties which operate or hold data outside of Australia. This may result in your personal information being stored overseas. These parties are selected specifically to assist in enabling us to provide products or services to you, in particular information technology solutions. At present our arrangements include providers based in the United States of America and the Netherlands1. Where this occurs we ensure that appropriate data handling and security arrangements are in place to protect your data.
6 Sensitive information
Where it is necessary to do so, we may collect personal information about you that is sensitive. Sensitive information includes information about an individual's health and membership of a professional or trade association.
Unless we are required or permitted by law to collect that information, we will obtain your consent.
7 Refusal of credit applications
We may refuse an application for consumer credit made by you on your own or with other applicants. Our refusal may be based on credit eligibility information obtained from a credit reporting body about you, another applicant or another person proposed as guarantor. In that case, we will give you written notice that the application has been refused on the basis of that information. We will tell you the name and contact details of the relevant credit reporting body and other relevant information.
We take all reasonable steps to ensure that your personal information (including credit-related information), collected through our website or otherwise and subsequently held by us, is protected from:
- misuse, interference and loss; and
- unauthorised access, disclosure or modification.
We ask you to keep your passwords and PINs confidential, and in a secure location.
When we no longer require your personal information (including when we are no longer required by law to keep records relating to you), we take reasonable steps to ensure it is destroyed or de-identified.
When you browse our website or mobile app services you will do so anonymously. Personal information, such as your name, address, telephone number or email address, is not collected. We use ‘cookies’ to collect information about how our website is used. ‘Cookies’ give users a unique, random ID by storing small text files onto a user’s computer with their web browser. They enable a website to track a user’s activities.
You may change the settings on your browser to reject cookies. However, doing so might prevent you from accessing the secured pages of our website and those of other websites.
9.2 Information Collected
Our website and mobile app offer a number of interactive facilities including tools such as calculators, as well as online surveys, communication and application forms.
If you visit an unsecure area of the website (ie an area where you are not required to log on) to read, browse or download information, our system will record the date and time of your visit to our site, the pages viewed and any information downloaded. However, our systems will not record any personal information.
If you use any of the tools such as our calculators, we generally do not capture any personal information that you may enter when using these tools. However, we may aggregate this information to provide us with insights into how to provide better services to you.
Instances where we will retain your personal details:
- When a tool or application allows you to suspend or save your progress and retrieve the details at a later time, such as our Car Loan, Personal Loan and Home Loan applications. In this case the information is stored on our systems so that you may resume your application, or your application may be retrieved by us.
- When you use our live chat service on our website or mobile app, we will store the email address and phone number (if you have provided it) for a period of time to allow us to contact you outside of the live chat environment if you require us to do so.
- If you decide to complete an online application form or online survey, the information that you enter into the online form or survey will be collected by us once you submit your online application or survey to allow us to contact you about your application.
When we receive emails, we will retain the content of the email and our response to you.
Your email address will only be used or disclosed for the purpose for which it was provided. It will not be added to any mailing lists or used for any other purpose without your consent.
Email itself is an unsecure medium. Therefore, when emailing us, you should be aware that, when transmitted, the data may be visible while in transit. When providing us personal information, secure options should be used such as our Secure Inbox within our Internet Banking service.
9.4 Mobile App
9.4.1 Our security practices
We are committed to providing safe mobile banking services. All use of our mobile banking application and transactions through the mobile app are encrypted. Encryption protects any
personal information you send to us through our mobile banking service. Only authorised employees or agents of the Group can gain access to this information.
Banking transaction and balance alerts can be established via our mobile banking app. These alerts can only be established by you and the secure detail of the alert can only be viewed when you are logged into mobile banking. Your mobile device will, however, receive push notifications from our systems through its operating system’s notification facility indicating to you that an alert has been produced and is ready to be viewed through mobile banking. These push notifications will not present personal information.
9.4.3 Location based services
We use your current location to determine the closest bank branch, ATM, access point or other services that we consider may be of benefit to you, when you allow us to do so via a setting on your mobile device. This information is only used while determining the standard bank services closest to you and we do not store this information.
9.5 Website Security
We use information security standards applicable to banking to establish secure connections with you and to limit access to databases containing personal information to authorised personnel only. When we capture your personal information it is passed through our secure server using SSL and/or TLS encryption technology to ensure it is protected when transmitted over the internet. However, we cannot guarantee that any information transmitted via the internet by us, or you, is entirely secure.
9.6 Links on our website
Where you access a third party website from our website, cookie information about your preferences or other information you have provided about yourself may be shared between us and the third party. You cannot be identified from the information that is shared. However, if you can be identified from this information, we will seek your consent before sharing such information.
9.7 Advertising and Tracking
We use an advertising company to deliver our online advertising where banner advertisements are placed on third party websites.
When you view our advertisements on a third party website, the advertising company uses 'cookies' to collect information such as:
- The server your computer is logged on to;
- Your browser type;
- Your device type;
- The date and time of your visit; and
- The performance of their marketing efforts.
When you click on one of our advertisements that appears on another website, the advertising company will collect information on how you utilise our website (eg which pages of our website you view) and whether you complete an online application. In addition, we also use other service providers, known as tracking companies, to collect information on how you use our website.
The advertising company and tracking companies use the information they collect to perform statistical analyses of aggregate user behaviour, but those analyses are not based on personal information. We use those analyses to measure advertising effectiveness and relative consumer interest in the various areas of our website. As a general rule, no personal information is collected by the companies in this process. If, however, any information is automatically collected, these companies are required under their arrangements with us to maintain the privacy and confidentiality of that personal information.
We may disclose the information collected by a company, in an aggregate form only, to third parties including advertisers or potential advertisers.
We utilise third party software to create heat maps of our website pages. Heat maps are aggregations of data regarding which parts of our website people view and what links they click on. This information can be used to optimise the information we provide via our website and how we link pages, with the aim of creating a better experience for visitors. The software does not collect personal information about you but does create a cookie that allows the software to detect whether you are a first time or return visitor.
9.8 Beyond Money Website
We will respond to your request for access within a reasonable time. If we refuse to give you access to any of your personal information, we will provide you with reasons for the refusal and the relevant provisions of the Privacy Act that we rely on to refuse access. You can contact our Privacy Officer if you would like to challenge our decision to refuse access.
We may recover the reasonable costs that we incur for responding to your request for access to your personal information.
We may use your personal information, including your contact details, to provide you with information about our products and services, including those of third parties, and competitions or promotions which we consider may be of interest to you.
We may also provide your details to third party organisations with which we have arrangements for marketing products and services to our customers.
12.1 Opting Out
You may opt out at any time if you no longer wish to receive marketing information or do not wish to receive marketing information through a particular channel, such as email. In order to do so, simply contact us and let us know that you no longer want us to send you marketing materials or disclose your information to other organisations for marketing purposes. You can also 'unsubscribe' from our email marketing messages, which always include an unsubscribe option.
To help us reach the right people with direct marketing for our credit products or services, we may ask a credit reporting body to "pre-screen" a list of potential recipients of our direct marketing against our eligibility criteria to remove recipients who do not meet those criteria. The credit reporting body cannot use information about your existing loans or repayment history in carrying out its pre-screening and it must destroy its pre-screening assessment once it has given us, or a contractor acting on our behalf, the list of eligible recipients. If you do not want your credit information used for pre-screening by a credit reporting body that holds credit information about you, you can opt out by informing that credit reporting body. The credit reporting bodies we use are Equifax Pty Ltd (https://www.equifax.com.au) and Illion Australia Pty Ltd (https://www.illion.com.au). The contact details for these bodies are available on their respective websites.
14 Questions and complaints
Once a complaint has been lodged, the Privacy Officer will respond to you as soon as possible. We will aim to deal with your complaint at the source of your complaint.
If you are still not satisfied, you can contact external bodies that deal with privacy complaints. These are the Australian Financial Complaints Authority, which is an independent external dispute resolution scheme, and the Australian Government’s Privacy Commissioner. Either of these bodies may forward your complaint to the other if it considers the complaint would be better handled by that other body.
- Australian Financial Complaints Authority Post: GPO Box 3, Melbourne VIC 3001 Telephone: 1800 931 678 Website: www.afca.org.au
- Federal Privacy Commissioner Post: GPO Box 5218, Sydney NSW 2001 Telephone: 1300 363 992 Website: www.oaic.gov.au
15 Privacy Officer
Our Privacy Officer's contact details are:
Beyond Bank Australia
GPO Box 1430 Adelaide SA 5001
In the first instance, all privacy queries or complaints are handled by our Customer Experience Manager
Beyond Bank Australia
GPO Box 1430 Adelaide SA 5001
Telephone: 13 25 85
1Disclosure in this country is limited to disputed transactions and chargebacks relating to eftpos.