The privacy of your information is very important to us. Our promise to you is to provide you with the best possible service, while protecting your privacy. We will ensure that your information is secure and handled in accordance with the Privacy Act 1988, including the Australian Privacy Principles (APPs) and the Privacy (Credit Reporting) Code.
This policy sets out how we will manage and deal with your personal information (including your credit-related information), whether you’re our customer or any other person we deal with as part of our business.
We securely exchange personal information between these organisations including for purposes related to ensuring applicable legal obligations are met.
This policy is effective as at 17 May 2022. We may update this policy – if we do, you’ll always find the most up-to-date version on the website or in the app.
What is personal information?
Personal information is information about an individual who is identified or reasonably identifiable by the information (for example, your name, tax file number and date of birth).
Credit-related information (which includes credit information and credit eligibility information) is a type of personal information. This includes information from your credit report (or information derived from this report), your repayment history for loans from other credit providers, the amount of credit provided to you, and the kinds of credit products you have applied for.
Sensitive information is another type of personal information. This is information which is sensitive in nature (for example, your political opinions, philosophical beliefs, membership of a professional or trade association or union, and health information). We only collect sensitive information from you if it is necessary and you agree to us collecting this.
The information we collect
The types of personal information (including credit-related information) we may collect about you include:
- your contact details and important information about your identity – for example your name, address, mobile number, email address, date of birth, passport number, drivers licence number, Medicare number, tax file number and tax residency status;
- health and biometric information, for example video footage or photographs of your face where permitted;
- information about your financial situation – including your income, expenses, savings, assets, your credit arrangements and other credit-related information;
- your product or service preferences;
- your financial and transaction information;
- your account information;
- records of your correspondence with us (including any complaints or enquiries you have made);
- when you use the app or our website – your location information, IP address and any third- party sites you access;
- other information we think is necessary;
- information you access using our account aggregation service (for example, financial information from other financial institutions and points information from rewards program providers).
In certain limited circumstances, we may collect sensitive information about you (for example, about your health when you make an application for hardship or you provide us that information so that we can help you compare offerings from other service providers). If the sensitive information relates directly to your ability to meet a financial obligation to us or if you have otherwise voluntarily provided us with this information, you agree to us collecting this.
How we collect your information
Most of the personal information we collect about you will come directly from you (for example, when you fill in our application form, or when you deal with us over the phone or via the app).
We’ll also collect information about you when you use our services and products (for example, when you use your account with us to make transactions or repayments).
Sometimes, we might need to collect personal information (including credit-related information) about you from others, such as:
- credit reporting bodies;
- business alliance partners;
- other financial services institutions (including brokers);
- your employer or any referee you provide us;
- your representatives (for example, your legal advisor, financial advisor, accountant, trustee or attorney);
- the borrower, if you are a guarantor;
- the operating system software on your phone (including location software on your phone), your device, and your telecommunications provider;
- other organisations who, jointly with us, provide products or services to you; and
- our service providers (such as companies that provide fraud prevention services, identity verification services or other services that you choose to sign up to (such as our account aggregation service); and.
- public registers or social media.
We’ll ask you before we do this if we’re required by law to do so.
We will usually require you to identify yourself to access any of our services.
If you do not provide us with your personal information (including credit-related information), we may be unable to provide or administer the products or services you have requested.
How we use your information
We collect, hold, use and share your personal information (including credit-related information) so that we can establish, administer and provide our products and services to you.
For example, the main reasons why we use and share your information are to:
- confirm your identity;
- consider and process your (or a borrower’s) application for products and services provided by us including hardship requests;
- derive scores, ratings and evaluations relating to your creditworthiness;
- contact you and to manage our relationship with you (including to deal with complaints);
- conduct market or customer satisfaction research;
- perform administrative operations, including accounting, risk management, record keeping, archiving, systems development and testing, and staff training;
- manage our agreements with external payment systems;
- develop, establish and administer our alliances and other arrangements (including rewards programs) with other organisations relating to the promotion, administration and use of our products and services;
- improve our products and identify products and services that may interest you, and tell you about them (unless you ask us not to – we won’t be offended);
- assist you with invitations and online applications;
- help you to compare products and services that may be available from third parties;
- help prevent fraud or identify theft;
- comply with a law or regulation; and
- complete a purpose for which you have given your consent.
Sometimes, we’ll need to collect and disclose personal information (including credit-related information) because we’re required to by a law, including:
- the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and other anti- money laundering legislation (for example, for identity verification);
- the National Consumer Credit Protection Act 2009;
- the Personal Property Securities Act 2009 (for example, if relevant, for search and registration purposes);
- the Financial Sector (Collection of Data) Act 2001 and other regulatory legislation; and
- the Taxation Administration Act 1953, the Income Tax Assessment Act 1936 and 1997 and other taxation laws and regulations.
Using your information for marketing purposes
We may use your personal information to tell you about products or services (including those of third parties or related companies) that we think you might be interested in, unless you opt-out. We may do this by email, SMS or any other electronic means.
We may also market our products to you through third party channels (such as social networking sites), or via other companies who assist us to market our products and services. We may also use de-identified data to help place communications in the media that are most relevant to you.
If you don’t want to receive marketing information, you can tell us by:
- calling 13 30 80;
- or clicking the “Unsubscribe” link in our marketing emails (we’ll make sure we always include this link).
From time to time, we may ask credit reporting bodies to use your credit-related information to pre-screen you for marketing purposes (for example, to determine your eligibility for certain credit products). You can let the credit reporting body know that you don’t want your information to be used in this way.
How we share your information
We know that the privacy of the information you provide us is important to you. Sometimes we might share your personal information (including credit-related information) with others for the reasons listed above, including to:
- credit reporting bodies or financial services suppliers;
- other financial institutions and external payment systems operators;
- our related companies, assignees, agents, contractors and external advisors (like our accountants and legal advisors);
- businesses who provide services to us (for example, organisations we use to verify your identity and assist us in providing our account aggregation service);
- debt collection agencies;
- your referees, including your employer;
- a third party who introduces you to us;
- the government, external dispute resolution services and law enforcement agencies or regulators;
- your and our insurers or prospective insurers and their underwriters;
- the borrower, if you are a guarantor;
- other organisations with whom we have alliances or arrangements (including rewards programs) for the purpose of promoting our respective products and services (and any agents used by us and our business partners in administering such an arrangement or alliance);
- anyone supplying goods or services to you in connection with a rewards program associated with a facility we provide to you;
- your current and prospective co-borrowers, guarantors, co-guarantors or security providers;
- other organisations (including our related bodies corporate) for the marketing of their products and services (unless you tell us not to);
- any person to the extent necessary, in our view, in order to carry out any instruction you give to us; and
- organisations involved in our funding arrangements (including loan purchasers, investors and advisers).
We might also share your information for any other reason permitted by law. In some circumstances, we may require your consent before being able to share your personal information at which point we will seek this from you.
Overseas disclosure of personal information
We may share your personal information with contracted service providers and other organisations with overseas operations including those who perform technology and operational functions on our behalf. Countries may include USA, the Philippines, Romania and countries listed at www.nab.com.au/privacy/overseas-countries-list
When we do share personal information overseas, we take all reasonable care to prevent unauthorised access to, modification and disclosure of, your personal information and require overseas recipients to do the same.
With your consent, we may share your full name, date of birth and residential address with a credit reporting body to help us verify your identity.
Dealing with your credit-related information
When you apply to us for credit or choose to be a guarantor, we will usually obtain a credit report about you from a credit reporting body. This report gives us information about your credit history and other credit-related information collected. We use this to assess your creditworthiness (and to decide whether to offer you credit).
Your credit report will usually only contain information from the past five years. It may contain information from up to the past seven years if you have committed a serious credit infringement.
We may collect and share credit-related information with credit reporting bodies about your credit accounts. This information includes how well you make your repayments, how much you’ve borrowed, the type and amount of credit you have, whether you’ve failed to meet your payment obligations, and if you’ve committed fraud or a serious credit infringement (like obtaining credit by fraud). This information may be included in reports that the credit reporting body gives to other organisations to help them assess your creditworthiness. Information we provide may reflect negatively on your creditworthiness and may impact your ability to get credit from other lenders.
The main types of credit-related information we hold, or share with or collect from a credit reporting body, include:
- your current loans;
- loans have you applied for;
- if available, your repayment history on any loans and your default history;
- your credit report;
- scores, ratings and evaluations relating to your creditworthiness that we have derived from your credit report;
- any payment defaults reported by service providers such as telecommunication and energy companies;
- whether there are any Court judgments against you;
- whether you are, or have recently been, a bankrupt; and
- whether you have committed fraud or any serious credit infringements.
If your credit report is different from what you have told us about your financial history, we may ask you to explain this.
The credit reporting bodies we may deal with are:
What if you think you are a victim of fraud?
If you think you are or could be a victim of fraud (including identity fraud), you can ask a credit reporting body not to use or give your credit-related information to any anyone for a 21 day period (unless the use or disclosure is required by law). It’s a good idea to make requests to each major credit reporting body, as you may have a credit report with more than one credit reporting body.
How we hold and protect your information
We maintain strict industry standards and procedures in order to take all reasonable care to prevent unauthorised access to, modification and disclosure of, your personal information (including credit-related information) and protect it from misuse and loss. If we no longer need your information, we will take reasonable steps to destroy or de-identify it.
If there is a data breach and we reasonably believe that this is likely to result in serious harm to you, we will notify you of the breach and the regulator if we’re required to by law.
How you can access your information
If you’re curious about what personal information (including credit-related information) we hold about you, you can let us know by contacting us. We will confirm your identity before we give this to you and will try to give you access to your information within a reasonable period of time (at least within 30 days, if the information is credit-related information provided by, or derived from information from, a credit reporting body).
We don’t charge you for asking us for your personal information. However, in order to cover our costs of finding and collecting the material, we may charge you a fee – but we’ll make sure you’re aware of how much this is likely to be before we do this.
There may be times when we decide to refuse access to your personal information (including credit-related information). For example, we may refuse access to information that is commercially sensitive, if disclosure would unreasonably impact on someone else’s privacy, or if we are prevented by law from disclosing the information (or providing access would prejudice an ongoing investigation). If we do this, we’ll let you know in writing.
How you can correct your information
If you believe that we have incorrect, incomplete or out-of-date information about you, let us know as soon as possible so that we can update it. However, if we don’t think the information we have about you is incorrect, we’ll provide you with a written explanation.
If the incorrect information was given to us by a credit reporting body, we may need to check with the credit reporting body or the credit provider before we correct this. We’ll aim to make sure your information is updated within 30 days – however, if we can’t help you within that timeframe, we’ll ask you for extra time and will explain why.
Personal information about others
We don’t use your tax file number, Medicare number, pension number or any other government identifier as our customer identifier. We’ll only use and share these numbers for purposes required by law.
What if you have a concern about your personal information?
We want to make sure you have confidence in how we handle your personal information. If you have a concern about our handling of your personal information (including credit-related information), please let us know using the “Contact Us” page on our website or by calling us on 13 30 80.
We will acknowledge your complaint as soon as we can. We take complaints seriously and aim to resolve them as quickly as possible. We will take no more than 30 days to deal with your concern.
If you are still unsatisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) as follows:
Certain privacy complaints relating to either the provision of credit or credit reporting information in general can be referred to the Australian Financial Complaints Authority (AFCA), the external dispute resolution scheme we are a member of. This is a free service. AFCA can be contacted as follows:
Australian Financial Complaints Authority
Call: 1800 931 678
Mail: GPO Box 3 Melbourne VIC 3001
Email: [email protected]
Call: 13 30 80 (or +61 2 9070 0202 if overseas)