Respecting your privacy
UBank is a division of the National Australia Bank Limited, and we are committed to respecting your right to privacy and protecting your personal information. We are bound by the Australian Privacy Principles in the Privacy Act 1988 (Commonwealth) and any relevant Health Privacy Principles under State legislation, as well as other applicable laws and codes affecting your personal information. Our staff are trained to respect your privacy in accordance with our standards, policies and procedures.
This Policy also includes our credit reporting policy, that is, it covers additional information on how we manage your personal information collected in connection with a credit application, or a credit facility. We refer to this credit-related information below as credit information.
What personal information do we collect and hold?
The types of information that we collect and hold about you could include:
Information from a credit reporting body
When we’re checking your credit worthiness and at other times, we might collect information about you from and give it to credit reporting bodies. This information can include:
We base some things on the information we get from credit reporting bodies, such as:
Information that we get from a credit reporting body or information we derive from such information is known as credit eligibility information.
What sensitive information do we collect?
Sometimes we need to collect sensitive information about you, for instance in relation to some insurance applications. This could include things like medical checks, medical consultation reports or other information about your health. Unless required by law, we will only collect sensitive information with your consent.
When the law authorises or requires us to collect information
We may collect information about you because we are required or authorised by law to collect it. There are laws that affect financial institutions, including company and tax law, which require us to collect personal information. For example, we require personal information to verify your identity under Commonwealth Anti-Money Laundering law.
What do we collect via your website activity?
If you’re an internet banking customer of ours, we monitor your use of internet banking services to ensure we can verify you and can receive information from us, and to identify ways we can improve our services for you.
If you start but don’t submit an on-line application, we can contact you using any of the contact details you’ve supplied to offer help completing it. The information in applications will be kept temporarily then destroyed if the application is not completed.
We also know that some customers like to engage with us through social media channels. We may collect information about you when you interact with us through these channels. However for all confidential matters, we’ll ensure we interact with you via a secure forum.
To improve our services and products, we sometimes collect de-identified information from web users. That information could include IP addresses or geographical information to ensure your use of our mobile banking applications is secure.
How do we collect and hold your personal information?
How we collect and hold your information
We understand that your personal information needs to be looked after and isn’t something you leave lying around for just anybody to take. So unless it’s unreasonable or impracticable, we will try to collect personal information directly from you (referred to as ‘solicited information’). For this reason, it's important that you help us to do this and keep your contact details up-to-date.
There are many ways we seek information from you. We might collect your information when you fill out a form with us, when you’ve given us a call, used our websites or dropped into one of our branches. We also find using electronic means, such as email or SMS, a convenient way to communicate with you and to verify your details.
How we collect your information from other sources
Sometimes we collect information about you from other sources. We do this only if it’s necessary to do so. Instances of when we may need to include where:
What if you don't want to provide us with your personal information?
If you don’t provide your personal information to us, we may not be able to:
How we collect and hold your credit information
We will collect your credit information from details included in your application for credit (whether paper based, phone or electronic). In addition to what we say above about collecting information from other sources, other main sources for collecting credit information are:
What do we do when we get information we didn’t ask for?
Because we are a big organisation, people often share information with us we haven’t sought out (referred to as ‘unsolicited information’). Where we receive unsolicited personal information about you, we will check whether that information is reasonably necessary for our functions or activities. If it is, we’ll handle this information the same way we do with other information we seek from you. If not, we’ll ensure we do the right thing and destroy or de-identify it.
When will we notify you that we have received your information?
When we receive personal information from you directly, we’ll take reasonable steps to notify you how and why we collected your information, who we may disclose it to and outline how you can access it, seek correction of it or make a complaint.
Sometimes we collect your personal information from third parties. You may not be aware that we have done so. If we collect information that can be used to identify you, we will take reasonable steps to notify you of that collection.
How do we take care of your personal information?
We store information in different ways, including in paper and electronic form. The security of your personal information is important to us and we take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. Some of the ways we do this are:
For more information on our online security and how you can protect yourself online see http://www.nab.com.au/personal/banking/nab-internet-banking/security.
We can store personal information physically or electronically with third party data storage providers. Where we do this, we use contractual arrangements to ensure those providers take appropriate measures to protect that information and restrict the uses to which they can put that information.
What happens when we no longer need your information?
We’ll only keep your information for as long as we require it for our purposes. We’re also required to keep some of your information for certain periods of time under law, such as the Corporations Act, the Anti-Money Laundering & Counter-Terrorism Financing Act, and the Financial Transaction Reports Act for example. When we no longer require your information, we’ll ensure that your information is destroyed or de-identified.
How we use your personal information
What are the main reasons we collect, hold and use your information?
Because we offer a range of services and products, collecting your personal information allows us to provide you with the products and services you’ve asked for. This means we can use your information to:
Can we use your information for marketing our products and services?
Given our wide organisation scope, we think we’ve learnt a lot of things along the way and we’d like to share what we know about our products with you. We may use or disclose your personal information to let you know about products and services from across the Group that might better serve your financial, e-commerce and lifestyle needs, or running competitions or promotions and other opportunities in which you may be interested.
We may conduct these marketing activities via email, telephone, SMS, iM, mail, or any other electronic means. We may also market our products to you through third party channels (such as social networking sites), or based on your use of Group programs. We will always let you know that you can opt out from receiving our third party or Group program marketing offers.
Where we market to prospective customers, we are happy to let them know how we obtained their information and will provide easy to follow opt-outs.
With your consent, we may disclose your personal information to third parties such as brokers or agents, or for the purpose of connecting you with other businesses or customers. You can ask us not to do this at any time. We won't sell your personal information to any organisation outside of the Group.
Yes, You Can Opt-Out
You can let us know at any time if you no longer wish to receive direct marketing offers from the Group (see ‘Contact Us’). We will process your request as soon as practicable.
What are the other ways we use your information?
We’ve just told you some of the main reasons why we collect your information, so here's some more insight into the ways we use your personal information including:
How we use your credit information
In addition to the ways for using personal information mentioned above, we may also use your credit information to:
Who do we share your personal information with?
To make sure we can meet your specific needs and for the purposes described in ‘How we use your personal information’, we sometimes need to share your personal information with others. We may share your information with other organisations for any purposes for which we use your information.
Sharing with the Group
We may share your personal information with other Group members. This could depend on the product or service you have applied for and the Group member you are dealing with.
Sharing at your request
We may need to share your personal information with:
Sharing with Credit Reporting bodies
We may disclose information about you to a credit reporting body if you are applying for credit or you have obtained credit from us or if you guarantee or are considering guaranteeing the obligations of another person to us. When we give your information to a credit reporting body, it may be included in reports that the credit reporting body gives other organisations (such as other lenders) to help them assess your credit worthiness.
Some of that information may reflect adversely on your credit worthiness, for example, if you fail to make payments or if you commit a serious credit infringement (like obtaining credit by fraud). That sort of information may affect your ability to get credit from other lenders.
Sharing with third parties
We may disclose your personal information to third parties outside of the Group, including:
Sharing outside of Australia
We run our business in Australia and overseas. We may need to share some of your information (including credit information) with organisations outside Australia. Sometimes, we may need to ask you before this happens. You can view a list of the countries in which those overseas organisations are located here.
We may store your information in cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held. If your information is stored in this way, disclosures may occur in countries other than those listed.
Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.
We will not share any of your credit information with a credit reporting body, unless it has a business operation in Australia. We are not likely to share credit information we obtain about you from a credit reporting body or that we derive from that information.
How do you access your personal information?
How you can generally access your information
We’ll always give you access to your personal information unless there are certain legal reasons why we can't. You can ask us in writing to access your personal information that we hold. In some cases we may be able to deal with your request over the phone.
We will give you access to your information in the form you want it where it’s reasonable and practical (such as a copy of a phone call you may have had with us – we can put it on a disk for you). We may charge you a small fee to cover our costs when giving you access, but we’ll always check with you first.
We’re not always required to give you access to your personal information. Some of the situations where we don’t have to give you access include when:
In relation to credit eligibility information, the exceptions may differ.
Download a personal access form or contact us directly to request access. See ‘Contact Us’. If we can't provide your information in the way you've requested, we will tell you why in writing. If you have concerns, you can complain. See ‘Contact Us’.
How to access your credit eligibility information
Where you request access to credit information about you that we’ve got from credit reporting bodies (or based on that information), you have the following additional rights.
This is to ensure it is accurate and up-to-date.
We are not required to give you access to this information if:
We may also restrict what we give you if it would harm the confidentiality of our commercial information.
If we refuse to give access to any credit eligibility information, we will tell you why in writing. If you have concerns, you can complain to our external dispute resolution scheme or the Office of the Australian Information Commissioner. See ‘Complaints’.
How do you correct your personal information?
How we correct your information
Contact us if you think there is something wrong with the information we hold about you and we’ll try to correct it if it’s:
If you are worried that we have given incorrect information to others, you can ask us to tell them about the correction. We’ll try and help where we can – if we can’t, then we’ll let you know in writing.
What additional things do we have to do to correct your credit information?
If you ask us to correct credit information, we will help you with this in the following way.
Helping you manage corrections
Whether we made the mistake or some one else made it, we are required to help you ask for the information to be corrected. So we can do this, we might need to talk to others. However, the most efficient way for you to make a correction request is to send it to the organisation which made the mistake.
Where we correct information
If we’re able to correct the information, we’ll let you know within five business days of deciding to do this. We’ll also let the relevant third parties know as well as any others you tell us about. If there are any instances where we can’t do this, then we’ll let you know in writing.
Where we can't correct information
If we’re unable to correct your information, we’ll explain why in writing within five business days of making this decision. If you have any concerns, you can access our external dispute resolution scheme or make a complaint to the Office of the Australian Information Commissioner. See ‘Complaints’.
Time frame for correcting information
If we agree to correct your information, we’ll do so within 30 days from when you asked us, or a longer period that’s been agreed by you.
If we can't make corrections within a 30 day time frame or the agreed time frame, we must:
Contact us if you wish to make a correction request. See ‘Contact Us’.
How do you make a complaint
If you have a complaint about how we handle your personal information, we want to hear from you. You are always welcome to contact us.
You can let us know about your complaint or dispute by contacting us at:
Customer Resolutions Officer
PO Box 1466 North Sydney NSW 2059
Tel: 13 30 80
Secure message - website: ubank.com.au
By giving us as much information as possible, you’ll help us resolve things faster. And if you have any supporting documentation, please have it handy when you raise your concern. Most complaints are resolved quickly and you should hear from us within five business days.
Need more help?
If you still feel your issue hasn’t been resolved to your satisfaction, then you can raise your concern with the Office of the Australian Information Commissioner:
What additional things do we have to do to manage your complaints about credit information?
If your complaint relates to how we handled your access and correction requests
You may take your complaint directly to our external dispute resolution scheme or the Office of the Australian Information Commissioner (see ‘Complaints’). You are not required to let us try to fix it first.
For all other complaints relating to credit information
If you make a complaint about things (other than an access request or correction request) in relation to your credit information, we will let you know how we will deal with it within seven days. See ‘Complaints’.
Ask for more time if we can't fix things in 30 days
If we can’t fix things within 30 days, we’ll let you know why and how long we think it will take. We will also ask you for an extension of time to fix the matter. If you have any concerns, you may complain to our external dispute resolution scheme or the Office of the Australian Information Commissioner.
Letting you know about our decision
We’ll let you know about our decision within 30 days or any longer agreed time frame. If you have any concerns, you may complain to our external dispute resolution scheme or the Office of the Australian Information Commissioner.
Contact details for Credit Reporting Bodies
As outlined above, if you apply for credit or have a credit facility with us, we may give your personal information to one or more credit reporting bodies. The contact details of the credit reporting bodies we use outlined below. Each credit reporting body has a credit reporting policy about how they handle your information. You can obtain copies of these policies at their websites.
Dun & Bradstreet Australia
Veda Advantage Business Information Services Ltd
Contact credit reporting bodies if you think you have been the victim of a fraud
If you believe that you have been or are likely to be the victim of fraud (including identify fraud), you can request a credit reporting body not to use or disclose the information they hold about you. If you do this, the credit reporting body must not use or disclose the information during an initial 21 day period without your consent (unless the use or disclosure is required by law). This is known as a ban period.
If, after the initial 21 day ban period, the credit reporting body believes on reasonable grounds that you continue to be or are likely to be the victim of fraud, the credit reporting body must extend the ban period as they think reasonable in the circumstances. The credit reporting body must give you a written notice of the extension.
Contact credit reporting bodies if you don’t want your information used by them for direct marketing/pre screening purposes.
Credit reporting bodies can use the personal information about you that they collect for a pre-screening assessment at the request of a credit provider unless you ask them not to. A pre screening assessment is an assessment of individuals to see if they satisfy particular eligibility requirements of a credit provider to receive direct marketing. You have the right to contact a credit reporting body to say that you don’t want your information used in pre screening assessments. If you do this, the credit reporting body must not use your information for that purpose.
Sorting out privacy issues
Get in touch
Users who are deaf, or have a hearing or speech impairment can call through the National Relay Service:
For more information about privacy in general, you can visit the Federal Privacy Commissioner’s website oaic.gov.au.
Anything else? Important things for you to know
What if you want to interact with us anonymously or use a pseudonym?
If you have general enquiry type questions, you can choose to do this anonymously or use a pseudonym. We might not always be able to interact with you this way however as we are often governed by strict regulations that require us to know who we’re dealing with. In general, we won’t be able to deal with you anonymously or where you are using a pseudonym when:
What do we do with government-related identifiers?
In certain circumstances we may be required to collect government-related identifiers such as your tax file number. We will not use or disclose this information unless we are authorised by law.
This Policy may change. We will let you know of any changes to this Policy by posting a notification on our website. Any information collected after an amended privacy statement has been posted on the site, will be subject to that amended privacy statement.