This Policy also includes our NAB Group credit reporting policy, that is, it covers additional information on how we manage your personal information collected in connection with a credit application, or a credit facility. We refer to this credit-related information below as credit information.
The European Union is changing its Data Protection regulation. For more information read our amended European Union General Data Protection Regulation Privacy Statement.
What personal information do we collect and hold?
The types of information that we collect and hold about you could include:
When we’re checking your credit worthiness and at other times, we might collect information about you from and give it to credit reporting bodies. This information can include:
We base some things on the information we get from credit reporting bodies, such as:
Information that we get from a credit reporting body or information we derive from such information is known as credit eligibility information.
What sensitive information do we collect?
Sometimes we need to collect sensitive information about you. This could include information about your health or reasons relating to hardship. Unless required or authorised by law, we will only collect sensitive information with your consent.
When the law authorises or requires us to collect information
We may collect information about you because we are required or authorised by law to collect it. There are laws that affect financial institutions, including company and tax law, which require us to collect personal information. For example, we require personal information to verify your identity under Commonwealth Anti-Money Laundering law.
What do we collect via your website activity?
If you start but don’t submit an online form we can contact you using any of the contact details you’ve supplied or other contact details we have for you to offer help (unless the use is anonymous).
We also know that some customers like to engage with us through social media channels. We may collect information about you when you interact with us through these channels. For all confidential matters, please interact with us via secure channels.
 Sensitive information is information about a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record, health information, genetic or biometric information.
How do we collect your personal information?
How we collect and hold your information
There are many ways we seek information from you. We might collect your information when you fill out a form with us, when we collect identification information verifying who you are from you, when you’ve given us a call, used our websites or dropped into one of our branches. In addition, when you use our website or mobile applications we may collect information about your IP address, location, device usage or activity. We also find using electronic means, such as email or SMS, a convenient way to communicate with you and to verify your details, including doing e-verification of identity (e-Know Your Customer). However, we’ll never ask you for your security details in this way – if you are ever unsure, just contact us. We will try to collect personal information directly from you unless it’s unreasonable or impracticable. For this reason, it’s important that you keep your contact details up-to-date.
How we collect your information from other sources
Sometimes we collect information about you from other sources. We may collect information about you that is publicly available (for example from public registers or social media) or made available by third parties. For instance, we do this where:
We may use or disclose information about you in order to combine the information that we hold with information collected from or held by external sources. We do this in order to enable the development of customer insights about you so that we can serve you better. This includes being able to better understand your preferences and interests, personalise your experience, enhance the products and services you receive, and to tell you about products and services that may be of interest to you. Where those insights are provided to others, such insights are based on aggregated information and do not contain any information that identifies you. We may also use service providers to undertake the process of creating these consumer insights.
What if you don’t want to provide us with your personal information?
If you don’t provide your personal information to us, we may not be able to:
How we collect and hold your credit information
We will collect your credit information from details included in your application for credit (whether paper based, phone or electronic). In addition to what we say above about collecting information from other sources, other main sources for collecting credit information are:
What do we do when we get information we didn’t ask for?
Where we receive unsolicited information, we will check whether that information is reasonably necessary for our functions or activities. If it is, we’ll handle this information the same way we do with other information we seek from you. If not, we’ll ensure we do the right thing and destroy or de-identify it or make it inaccessible.
When will we notify you that we have received your information?
When we receive personal information from you, we’ll take reasonable steps to notify you how and why we collected your information, who we may disclose it to and outline how you can access it, seek correction of it or make a complaint.
Where we collect your personal information from third parties we will take reasonable steps to notify you of the circumstances of that collection. We recommend our customers regularly review our website to review updates to this policy and our Privacy Notification.
How do we take care of your personal information?
We store information in different ways, including in paper and electronic form. The security of your personal information is important to us and we take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. Some of the ways we do this are:
We can store personal information physically or electronically with third party data storage providers. Where we do this, we use contractual arrangements to ensure those providers take appropriate measures to protect that information and restrict the uses to which they can put that information.
What happens when we no longer need your information?
We’ll only keep your information for as long as we require it for our purposes. We’re also required to keep some of your information for certain periods of time under law, including under the Corporations Act and the Anti-Money Laundering & Counter-Terrorism Financing Act for example. When we no longer require your information, we’ll ensure that your information is destroyed, de-identified or rendered inaccessible.
How we use your personal information
What are the reasons we collect, hold and use your information?
Because we offer a range of services and products, collecting your personal information allows us to provide and administer you with the products and services you’ve asked for and to otherwise operate our business. This means we will use your information to:
If applicable, we may also use your information for the purposes of verification of your identity as required by relevant state and territory electronic conveyancing and property laws. If you do not provide your information, settlement of your loan may not be able to proceed. We use a third party to provide us with identity verification services and they in turn may use and disclose your personal information for the purposes of administration of the verification services. We need to use these third party identity verification services for electronic conveyancing (where applicable) and - with your consent - in meeting our ongoing know-your-customer obligations under anti money laundering laws.
Can we use your information for marketing our products and services?
We may use or disclose your personal information to let you know about products and services that we believe may be of interest to you, including products and services from our related companies or from those we distribute products on their behalf. We will not do this if you tell us not to.
Such marketing activities may be via email, telephone, SMS, instant message, mail, or any other electronic means, including targeted advertising through NAB Group or other websites.
We may also market our products to you through third party channels (such as social networking sites), or via other companies who assist us to market our products and services. We may use de-identified data to help place communications in the media that are most relevant to you.
Where we market to prospective customers, we are happy to let them know how we obtained their information and will provide easy to follow opt-outs.
With your consent, we may disclose your personal information to third parties such as brokers or agents, or for the purpose of connecting you with other businesses or customers. You can ask us not to do this at any time.
Yes, You Can Opt-Out
You can let us know at any time if you no longer wish to receive direct marketing offers (see ‘Contact Us’). We will process your request as soon as practicable.
Where you have subscribed to something specific (like to hear from one of our sponsored organisations) then these subscriptions will be managed separately. If you no longer wish to receive these emails click the unsubscribe link included in the footer of our emails.
We know that you may prefer to receive some types of messages over others, so where possible we will offer you a choice. For instance, if you’d like to keep receiving particular messages but not others, then if we can, we will offer you a way to indicate that choice to us we will do so.
You can always update your preferences at any time.
How we use your credit information
In addition to the ways for using personal information mentioned above, we may also use your credit information to:
Who do we share your personal information with?
To make sure we can meet your specific needs and for the purposes described in ‘How we use your personal information’, we sometimes need to share your personal information with others.
Sharing with the NAB Group
We may share your personal information with other NAB Group members. This could depend on the product or service you have applied for and the NAB Group member you are dealing with but will not differ from those purposes outlined above. Where appropriate we integrate the information we hold across the NAB Group to provide us with a complete understanding of your product holdings and your needs. For example, where you hold a NAB Internet Banking ID and NAB Group superannuation product, some of the information we hold about you may also be exchanged for specific purposes such as allowing you to see your account summary information (e.g. balance) through NAB Internet Banking. We may share credit eligibility information (that is, credit information we obtain about you from a credit reporting body or that we derive from that information) with other Group members to enable that Group member to process another credit application you make to it and to collect any payment that is overdue in relation to that credit facility.
Sharing with MLC Limited
NAB acts for MLC Limited ABN 90 000 000 402 (described as MLC Life Insurance) in distributing their life insurance products. MLC Limited is no longer part of the NAB Group of companies. Only if you have in the past been referred to MLC Limited by us and are one of their customers, we may exchange personal information with MLC Limited or their service providers in order to administer and manage your life insurance products that are issued by them. We may also need to share information to ensure:
Sharing with Credit Reporting bodies
We may disclose information about you to a credit reporting body if you are applying for credit or you have obtained credit from us or if you guarantee or are considering guaranteeing the obligations of another person to us or you are a director of a company that is loan applicant or borrower or guarantor. When we give your information to a credit reporting body, it may be included in reports that the credit reporting body gives other organisations (such as other lenders) to help them assess your credit worthiness.
Some of that information may reflect adversely on your credit worthiness, for example, if you fail to make payments or if you commit a serious credit infringement (like obtaining credit by fraud). That sort of information may affect your ability to get credit from other lenders.
Sharing with third parties
We may disclose your personal information to third parties outside of the Group, including:
Sharing outside of Australia
We run our business in Australia and overseas. We may need to share some of your information (including credit information) with organisations outside Australia. Sometimes, we may need to ask you before this happens. You can view a list of the countries in which those overseas organisations are located at www.nab.com.au/privacy/overseas-countries-list/
Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.
We will not share any of your credit information with a credit reporting body, unless it has a business operation in Australia. We are not likely to share credit eligibility information (that is, credit information we obtain about you from a credit reporting body or that we derive from that information) with organisations unless they have business operations in Australia. However in the event NAB seeks assistance from a related company to manage defaulting loans, we may need as a consequence disclose credit eligibility information to the Bank of New Zealand (a member of the NAB Group), located in New Zealand. We are likely to share other credit information about you with organisations outside Australia. A list of countries in which those overseas organisations are located is set out above.
How do you access your personal information?
How you can generally access your information
We’ll always give you access to your personal information unless there are justifiable reasons why we can’t. You can ask us to access your personal information that we hold by filling out the Personal Access Form. In some cases we may be able to deal with your request over the phone. See ‘Contact Us’ if you would like a copy of the form to be sent out to you.
We will give you access to your information in the form you want it, where it’s reasonable and practical (such as a copy of a phone call you may have had with us – we can put it on a disk for you). If meeting your request requires a significant amount of resources, we may charge you a small fee to cover our costs when giving you access, but we’ll always check with you first. You can find the schedule of fees explained on the Access form.
If we validly deny your access request, we will tell you why in writing. See ‘Contact Us’.
How to access your credit eligibility information
Where you request access to credit information about you that we’ve got from credit reporting bodies (or based on that information), we will:
This is to ensure it is accurate and up-to-date.
If we can’t give you access, we will tell you why in writing. If you have concerns, you can complain to our external dispute resolution scheme, AFCA.
How do you correct your personal information?
Contact us if you think there is something wrong with the information we hold about you. If you are worried that we have given incorrect information to others, you can ask us to tell them about the correction. We’ll try and help where we can – if we can’t, then we’ll let you know in writing.
Correcting your credit information
Whether we made the mistake or someone else made it, we are required to help you correct the information within 30 days. If we can’t make a correction in that timeframe, we will ask you for extra time. We also might need to talk to others in order to process your request. The most efficient way for you to make a correction request is to ask the organisation which made the mistake.
Whether we’re able to correct the information or not, we’ll let you know within five business days of deciding to do this. If we can’t we will provide reasons. We’ll also let the relevant third parties know as well as any others you tell us about. If there are any instances where we can’t do this, then we’ll let you know in writing. If you have any concerns, you can access the Australian Financial Complaints Authority.
How do you make a complaint?
If you have a complaint about how we handle your personal information, we want to hear from you. You are always welcome to contact us. We are committed to resolving your complaint and doing the right thing by our customers. Most complaints are resolved quickly, and you should hear from us within five business days (see ‘Contact Us’).
What about complaints relating to credit information?
We will let you know how we will deal with your complaint within seven days.
If we can’t fix things within 30 days, we’ll let you know why and how long we think it will take. We will also ask you for an extension of time to fix the matter. If you have any concerns, you may complain to the Australian Financial Complaints Authority.
If your complaint relates to how we handled your access and correction requests you may take your complaint directly to the Australian Financial Complaints Authority. You are not required to let us try to fix it first.
Contact details for Credit Reporting Bodies
As outlined above, when we’re checking your credit worthiness and at other times, we might collect information about you from and give it to one of more credit reporting bodies. The contact details of the credit reporting bodies we use outlined below. Each credit reporting body has a credit reporting policy about how they handle your information. You can obtain copies of these policies at their websites.
Contact credit reporting bodies if you think you have been the victim of a fraud
If you believe that you have been or are likely to be the victim of fraud (including identify fraud), you can request a credit reporting body not to use or disclose the information they hold about you. If you do this, the credit reporting body must not use or disclose the information during an initial 21 day period without your consent (unless the use or disclosure is required by law). This is known as a ban period.
If, after the initial 21 day ban period, the credit reporting body believes on reasonable grounds that you continue to be or are likely to be the victim of fraud, the credit reporting body must extend the ban period as they think reasonable in the circumstances. The credit reporting body must give you a written notice of the extension.
Contact credit reporting bodies if you don’t want your information used by them for direct marketing/pre screening purposes.
Credit reporting bodies can use the personal information about you that they collect for a pre-screening assessment at the request of a credit provider unless you ask them not to. A pre-screening assessment is an assessment of individuals to see if they satisfy particular eligibility requirements of a credit provider to receive direct marketing. You have the right to contact a credit reporting body to say that you don’t want your information used in pre-screening assessments. If you do this, the credit reporting body must not use your information for that purpose.
We care about what you think. Please contact us if you have any questions or comments about our privacy policies and procedures. We welcome your feedback.
Users who are deaf, or have a hearing or speech impairment can call through the National Relay Service:
This Policy may change from time to time. Please visit our website regularly as we will let you know of any changes to this Policy by posting a notification on our website. In addition, over the course of our relationship with you, we may tell you more about how we handle your information. This could be when you complete an application or form, or receive important disclosure documents from us, such as terms and conditions or a Product Disclosure Statement. We recommend that you review these statements too as they may have more specific detail for your particular product holdings.