Privacy policy

Read through our privacy policy

What type of ubank products do you use?

Current ubank products
Privacy policy

 

The privacy of your information is very important to us. Our promise to you is to provide you with the best possible service, while protecting your privacy. We will ensure that your information is secure and handled in accordance with the Privacy Act 1988, including the Australian Privacy Principles (APPs) and the Privacy (Credit Reporting) Code.

This policy sets out how we will manage and deal with your personal information (including your credit-related information), whether you’re our customer or any other person we deal with as part of our business.

This privacy policy applies to ubank, part of National Australia Bank Ltd (ABN 12 004 044 937), 86 400 Pty Ltd (ABN 13 621 804 813), 86400 Holdings Pty Limited (ABN 36 621 802 097) and 86400 Technology Pty Ltd (ABN 46 621 804 199) (all part of the NAB Group). References to “we”, “us” or “our” used in this policy mean one or all of these organisations as the context requires.

We securely exchange personal information between these organisations including for purposes related to ensuring applicable legal obligations are met.

This policy is effective as at 17 September 2024. We may update this policy – if we do, you’ll always find the most up-to-date version on the website or in the app.

What is personal information?

Personal information is information about an individual who is identified or reasonably identifiable by the information (for example, your name, tax file number and date of birth).

Credit-related information (which includes credit information and credit eligibility information) is a type of personal information. This includes information from your credit report (or information derived from this report), your repayment history for loans from other credit providers, the amount of credit provided to you, and the kinds of credit products you have applied for.

Sensitive information is another type of personal information. This is information which is sensitive in nature (for example, your political opinions, philosophical beliefs, membership of a professional or trade association or union, and health information). We only collect sensitive information from you if it is necessary and you agree to us collecting this.

The information we collect

The types of information (including credit-related information) we may collect about you include:

  • your identification information such as your name, address, date of birth, contact details;
  • your identification documents or government identifiers such as your passport or driver licence number, Medicare or citizenship, and your tax file number and tax residency status;
  • health and biometric information, for example video footage or photographs of your face where permitted;
  • information about your financial situation, including your occupation, income, expenses, savings, assets, your credit arrangements and other credit-related information;
  • credit information such as details relating to credit history, credit capacity, and eligibility for credit (‘credit worthiness’);
  • your product or service preferences;
  • your financial and transaction information;
  • your account information;
  • records of your correspondence with us (including any complaints or enquiries you have made);
  • when you use the app or our website – your location and device information, IP address, information about how you interact with our app, website and the device you use to access them (including other apps on your device which is used solely for purposes related to security assessment and fraud detection and prevention) and any third-party sites you access;
  • information you access using our account aggregation service (for example, financial information from other financial institutions and points information from rewards program providers);
  • other information we think is necessary for the provision and promotion of our products and services and the operation of our businesses.

In certain limited circumstances, we may collect sensitive information about you (for example, about your health when you make an application for hardship or you provide us that information so that we can help you compare offerings from other service providers). If the sensitive information relates directly to your ability to meet a financial obligation to us or if you have otherwise voluntarily provided us with this information, you agree to us collecting this.

How we collect your information

In general, we won’t use or share personal information (including your credit-related information) collected about you other than for a purpose set out in this privacy policy, for a purpose you would reasonably expect, a purpose required or permitted by law, or a purpose that we have told you about (or that you have agreed to).

Most of the personal information we collect about you will come directly from you (for example, when you fill in our application form, or when you deal with us over the phone or via the app). We’ll also collect information about you when you use our services and products (for example, when you use your account with us to make transactions or repayments).

Sometimes, we might need to collect personal information (including credit-related information) about you from others, such as:

  • credit reporting bodies;
  • business alliance partners;
  • other financial services institutions (including brokers);
  • your employer or any referee you provide us;
  • your representatives (for example, your legal advisor, financial advisor, accountant, trustee or attorney);
  • the operating system software on your phone (including location software on your phone), your device, and your telecommunications provider;
  • other organisations who, jointly with us, provide products or services to you;
  • our service providers (such as companies that provide fraud prevention services, identity verification services or other services that you choose to sign up to (such as our account aggregation service); and
  • public registers or social media.

We’ll ask you before we do this if we’re required by law to do so.

We will usually require you to identify yourself to access any of our services.

If you do not provide us with your personal information (including credit-related information), we may be unable to provide or administer the products or services you have requested.

Dealing with your credit-related information

When you apply to us for credit, we will usually obtain a credit report about you from a credit reporting body. This report gives us information about your credit history and other credit-related information collected. We use this to assess your creditworthiness (and to decide whether to offer you credit).

Your credit report will usually only contain information from the past five years. It may contain information from up to the past seven years if you have committed a serious credit infringement.

We may collect and share credit-related information with credit reporting bodies about your credit accounts. This may include information about the date you opened (and closed) a credit account, the account type, the credit limit, your repayment history, any temporary or permanent hardship arrangements and details relating to any defaults or serious credit infringements (like obtaining credit by fraud). This information may be included in reports that the credit reporting body gives to other organisations to help them assess your creditworthiness. Information we provide may reflect negatively on your creditworthiness and may impact your ability to get credit from other lenders.

The main types of credit-related information we hold, or share with or collect from a credit reporting body, include:

  • your current loans;
  • loans you have applied for;
  • if available, your repayment history on any loans and your default history;
  • information about whether you were provided with a permanent or temporary arrangement due to hardship and, if so, whether you met the requirements of such an arrangement;
  • your credit report;
  • scores, ratings and evaluations relating to your creditworthiness that we have derived from your credit report;
  • any payment defaults reported by service providers such as telecommunications and energy companies;
  • whether there are any Court judgments against you;
  • whether you are, or have recently been, bankrupt; and
  • whether you have committed fraud or any serious credit infringements.

If your credit report is different from what you have told us about your financial history, we may ask you to explain this.

The credit reporting bodies we may deal with are:

Illion
https://www.illion.com.au
Illion’s credit reporting policy is set out at www.illion.com.au/illion-credit-reporting-policy-australia
Phone: 1300 734 806
Email: pac.austral@illion.com.au

Experian Australia
https://www.experian.com.au
Experian’s credit reporting policy is set out at www.experian.com.au/privacy-policy
Phone: 1300 783 684
Mail: Consumer Support Experian Australia
PO Box 1969
North Sydney NSW 2060

Equifax
www.equifax.com.au
Equifax’s credit reporting policy is set out at www.equifax.com.au/privacy
Phone: 13 83 32

For more information about our credit information handling practices, please refer to the NAB Group Credit Reporting Policy.

Meeting our regulatory obligations

Sometimes, we’ll need to collect and disclose personal information (including credit-related information) because we’re required to by a law, including:

  • the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and other anti-money laundering legislation (for example, for identity verification);
  • the National Consumer Credit Protection Act 2009;
  • the Personal Property Securities Act 2009 (for example, if relevant, for search and registration purposes);
  • the Financial Sector (Collection of Data) Act 2001 and other regulatory legislation; and
  • the Taxation Administration Act 1953, the Income Tax Assessment Act 1936 and 1997 and other taxation laws and regulations.

Using cookies

Each time you visit our website, we may record the date and time of your access to the site and any information you have read or downloaded. We use cookies to collect information about your use of our website. Web cookies cannot scan your hard drive and cannot gather your passwords, credit card numbers or any other information on your computer. Web cookies are placed on your computer hard drive by a web page server, which can then be accessed by our web server. They are only used to identify you and may be used to track your browsing habits.

If you don’t want us to use cookies, you may be able to configure your web browser, or use other software, to prevent the use of cookies. However, you may not be able to make full use of the website.

How we use your information

We collect, hold, use and share your personal information (including credit-related information) so that we can establish, administer and provide our products and services to you.

For example, the main reasons why we use and share your information are to:

  • confirm your identity;
  • consider and process your (or a borrower’s) application for products and services provided by us including hardship requests;
  • derive scores, ratings and evaluations relating to your creditworthiness;
  • contact you and to manage our relationship with you (including to deal with complaints);
  • conduct market or customer satisfaction research;
  • perform administrative operations, including accounting, risk management, record keeping, archiving, systems development and testing, and staff training;
  • manage our agreements with external payment systems;
  • develop, establish and administer our alliances and other arrangements (including rewards programs) with other organisations relating to the promotion, administration and use of our products and services;
  • improve our products and identify products and services that may interest you, and tell you about them (unless you ask us not to – we won’t be offended);
  • assist you with invitations and online applications;
  • help you to compare products and services that may be available from third parties;
  • help prevent fraud or identify theft;
  • comply with a law or regulation; and
  • complete a purpose for which you have given your consent.

Using your information for marketing purposes

We may use your personal information to tell you about products or services (including those of third parties or related companies) that we think you might be interested in, unless you opt-out. We may do this by email, SMS, phone calls or any other means of communication.

We may also market our products to you through third party channels (such as social networking sites), or via other companies who assist us to market our products and services. We may also use de-identified data to help place communications in the media that are most relevant to you.

If you don’t want to receive marketing information, you can tell us by:

  • updating your preferences via the ‘Settings’ tab in the ubank app;
  • clicking the “Unsubscribe” link in our marketing emails (we’ll make sure we always include this link); or
  • calling 13 30 80.

From time to time, we may ask credit reporting bodies to use your credit-related information to pre-screen you for marketing purposes (for example, to determine your eligibility for certain credit products). You can let the credit reporting body know that you don’t want your information to be used in this way.

If we have partnerships with third parties, we may provide information about you and your ubank products to them with your consent so that they can tell you about their products and services.

Who we share your information with

We know that the privacy of the information you provide us is important to you. Sometimes we might share your personal information (including credit-related information) with others for the reasons listed above, including to:

  • credit reporting bodies or financial services suppliers;
  • other financial institutions and external payment systems operators;
  • our related companies, assignees, agents, contractors and external advisors (like our accountants and legal advisors);
  • businesses who provide services to us (for example, organisations we use to verify your identity and assist us in providing our account aggregation service);
  • debt collection agencies;
  • your referees, including your employer;
  • a third party who introduces you to us;
  • the government, external dispute resolution services and law enforcement agencies or regulators;
  • your and our insurers or prospective insurers and their underwriters;
  • other organisations with whom we have alliances or arrangements including their agents (e.g., rewards programs) for the purpose of:
    • fulfilling any requests you’ve made to us or them.
    • promoting our respective products and services.
    • administering the arrangement or alliance.
    • for any other purpose you’ve agreed to.
  • anyone supplying goods or services to you in connection with a rewards program associated with a facility we provide to you;
  • your current and prospective co-borrowers;
  • other organisations (including our related bodies corporate) for the marketing of their products and services (unless you tell us not to);
  • any person to the extent necessary, in our view, in order to carry out any instruction you give to us; and
  • organisations involved in our funding arrangements (including loan purchasers, investors and advisers).

We might also share your information for any other reason permitted by law. In some circumstances, we may require your consent before being able to share your personal information at which point we will seek this from you.

More information about verifying your identity

With your consent:

  • We may share your full name, date of birth and residential address with a credit reporting body to help us verify your identity.
  • Where you have provided us with details of an identity document, we may verify your identity by checking your details (name, date of birth, address) with the document issuer or official record holder. This may be done via a third party.

Overseas disclosure of personal information

We may share your personal information with contracted service providers and other organisations with overseas operations including those who perform technology and operational functions on our behalf. Countries may include USA, the Philippines, Romania and countries listed at www.nab.com.au/privacy/overseas-countries-list.

When we do share personal information overseas, we take all reasonable care to prevent unauthorised access to, modification and disclosure of, your personal information and require overseas recipients to do the same.

What if you think you are a victim of fraud?

If you think you are or could be a victim of fraud (including identity fraud), you can ask a credit reporting body not to use or give your credit-related information to anyone for a 21-day period (unless the use or disclosure is required by law). It’s a good idea to make requests to each major credit reporting body, as you may have a credit report with more than one credit reporting body.

How we hold and protect your information

We maintain strict industry standards and procedures in order to take all reasonable care to prevent unauthorised access to, modification and disclosure of, your personal information (including credit-related information) and protect it from misuse and loss. If we no longer need your information, we will take reasonable steps to destroy or de-identify it.

If there is a data breach and we reasonably believe that this is likely to result in serious harm to you, we will notify you of the breach and the regulator if we’re required to by law.

How you can access your information

If you’re curious about what personal information (including credit-related information) we hold about you, you can let us know by contacting us. We will confirm your identity before we give this to you and will try to give you access to your information within a reasonable period of time (at least within 30 days, if the information is credit-related information provided by, or derived from information from, a credit reporting body).

We don’t charge you for asking us for your personal information. However, in order to cover our costs of finding and collecting the material, we may charge you a fee – but we’ll make sure you’re aware of how much this is likely to be before we do this.

There may be times when we decide to refuse access to your personal information (including credit-related information). For example, we may refuse access to information that is commercially sensitive, if disclosure would unreasonably impact on someone else’s privacy, or if we are prevented by law from disclosing the information (or providing access would prejudice an ongoing investigation). If we do this, we’ll let you know in writing.

How you can correct your information

If you believe that we have incorrect, incomplete or out-of-date information about you, let us know as soon as possible so that we can update it. However, if we don’t think the information we have about you is incorrect, we’ll provide you with a written explanation.

If the incorrect information was given to us by a credit reporting body, we may need to check with the credit reporting body or the credit provider before we correct this. We’ll aim to make sure your information is updated within 30 days – however, if we can’t help you within that timeframe, we’ll ask you for extra time and will explain why.

Personal information about others

If you give us personal information about someone else (for example, a referee) please make sure you have their permission. You’re responsible for letting them know that they can refer to our privacy policy on how we’ll handle their personal information, and that they have a right to access the information that we hold about them.

Government identifiers

We don’t use your tax file number, Medicare number, pension number or any other government identifier as our customer identifier. We’ll only use and share these numbers for purposes required by law.

What if you have a concern about your personal information?

We want to make sure you have confidence in how we handle your personal information. If you have a concern about our handling of your personal information (including credit-related information), please let us know using the “Contact Us” page on our website or by calling us on 13 30 80.

We will acknowledge your complaint as soon as we can. We take complaints seriously and aim to resolve them as quickly as possible. We will take no more than 30 days to deal with your concern.

If you are still unsatisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) as follows:

Office of the Australian Information Commissioner

Visit: https://www.oaic.gov.au

Call: 1300 363 992

Mail: GPO Box 5218, Sydney NSW 2001

Certain privacy complaints relating to either the provision of credit or credit reporting information in general can be referred to the Australian Financial Complaints Authority (AFCA), the external dispute resolution scheme we are a member of. This is a free service. AFCA can be contacted as follows:

Australian Financial Complaints Authority

Visit: https://www.afca.org.au

Call: 1800 931 678

Mail: GPO Box 3, Melbourne VIC 3001

Any questions?

Email: service@ubank.com.au

Call: 13 30 80 (or +61 2 9070 0202 if overseas)

Visit: ubank.com.au