Privacy policy

Read through our privacy policy

What type of ubank products do you use?

Current ubank products
Privacy policy


The privacy of your information is very important to us. Our promise to you is to provide you with the best possible service, while protecting your privacy. We will ensure that your information is secure and handled in accordance with the Privacy Act 1988, including the Australian Privacy Principles (APPs) and the Privacy (Credit Reporting) Code.

This policy sets out how we will manage and deal with your personal information (including your credit-related information), whether you’re our customer or any other person we deal with as part of our business.

This privacy policy applies to ubank, part of National Australia Bank Ltd (ABN 12 004 044 937), 86 400 Ltd (ABN 13 621 804 813), 86400 Holdings Pty Limited (ABN 36 621 802 097) and 86400 Technology Pty Ltd (ABN 46 621 804 199) (all part of the NAB Group). References to “we”, “us” or “our” used in this policy mean one or all of these organisations as the context requires.

We securely exchange personal information between these organisations including for purposes related to ensuring applicable legal obligations are met.

This policy is effective as at 1 July 2022. We may update this policy – if we do, you’ll always find the most up-to-date version on the website or in the app.

What is personal information?

Personal information is information about an individual who is identified or reasonably identifiable by the information (for example, your name, tax file number and date of birth).

Credit-related information (which includes credit information and credit eligibility information) is a type of personal information. This includes information from your credit report (or information derived from this report), your repayment history for loans from other credit providers, the amount of credit provided to you, and the kinds of credit products you have applied for.

Sensitive information is another type of personal information. This is information which is sensitive in nature (for example, your political opinions, philosophical beliefs, membership of a professional or trade association or union, and health information). We only collect sensitive information from you if it is necessary and you agree to us collecting this.

The information we collect

The types of personal information (including credit-related information) we may collect about you include:

  • your contact details and important information about your identity – for example your name, address, mobile number, email address, date of birth, passport number, drivers licence number, Medicare number, tax file number and tax residency status;
  • health and biometric information, for example video footage or photographs of your face where permitted;
  • information about your financial situation – including your income, expenses, savings, assets, your credit arrangements and other credit-related information;
  • your product or service preferences;
  • your financial and transaction information;
  • your account information;
  • records of your correspondence with us (including any complaints or enquiries you have made);
  • when you use the app or our website – your location information, IP address and any third-party sites you access;
  • other information we think is necessary;
  • information you access using our account aggregation service (for example, financial information from other financial institutions and points information from rewards program providers).

In certain limited circumstances, we may collect sensitive information about you (for example, about your health when you make an application for hardship or you provide us that information so that we can help you compare offerings from other service providers). If the sensitive information relates directly to your ability to meet a financial obligation to us or if you have otherwise voluntarily provided us with this information, you agree to us collecting this.

How we collect your information

In general, we won’t use or share personal information (including your credit-related information) collected about you other than for a purpose set out in this privacy policy, for a purpose you would reasonably expect, a purpose required or permitted by law, or a purpose that we have told you about (or that you have agreed to).

Most of the personal information we collect about you will come directly from you (for example, when you fill in our application form, or when you deal with us over the phone or via the app). We’ll also collect information about you when you use our services and products (for example, when you use your account with us to make transactions or repayments).

Sometimes, we might need to collect personal information (including credit-related information) about you from others, such as:

  • credit reporting bodies;
  • business alliance partners;
  • other financial services institutions (including brokers);
  • your employer or any referee you provide us;
  • your representatives (for example, your legal advisor, financial advisor, accountant, trustee or attorney);
  • the borrower, if you are a guarantor;
  • the operating system software on your phone (including location software on your phone), your device, and your telecommunications provider;
  • other organisations who, jointly with us, provide products or services to you; and
  • our service providers (such as companies that provide fraud prevention services, identity verification services or other services that you choose to sign up to (such as our account aggregation service); and.
  • public registers or social media.

We’ll ask you before we do this if we’re required by law to do so.

We will usually require you to identify yourself to access any of our services.

If you do not provide us with your personal information (including credit-related information), we may be unable to provide or administer the products or services you have requested.

Using cookies

Each time you visit our website, we may record the date and time of your access to the site and any information you have read or downloaded. We use cookies to collect information about your use of our website. Web cookies cannot scan your hard drive and cannot gather your passwords, credit card numbers or any other information on your computer. Web cookies are placed on your computer hard drive by a web page server, which can then be accessed by our web server. They are only used to identify you and may be used to track your browsing habits.

If you don’t want us to use cookies, you may be able to configure your web browser, or use other software, to prevent the use of cookies. However, you may not be able to make full use of the website.

How we use your information

We collect, hold, use and share your personal information (including credit-related information) so that we can establish, administer and provide our products and services to you.

For example, the main reasons why we use and share your information are to:

  • confirm your identity;
  • consider and process your (or a borrower’s) application for products and services provided by us including hardship requests;
  • derive scores, ratings and evaluations relating to your creditworthiness;
  • contact you and to manage our relationship with you (including to deal with complaints);
  • conduct market or customer satisfaction research;
  • perform administrative operations, including accounting, risk management, record keeping, archiving, systems development and testing, and staff training;
  • manage our agreements with external payment systems;
  • develop, establish and administer our alliances and other arrangements (including rewards programs) with other organisations relating to the promotion, administration and use of our products and services;
  • improve our products and identify products and services that may interest you, and tell you about them (unless you ask us not to – we won’t be offended);
  • assist you with invitations and online applications;
  • help you to compare products and services that may be available from third parties;
  • help prevent fraud or identify theft;
  • comply with a law or regulation; and
  • complete a purpose for which you have given your consent.

Sometimes, we’ll need to collect and disclose personal information (including credit-related information) because we’re required to by a law, including:

  • the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and other anti-money laundering legislation (for example, for identity verification);
  • the National Consumer Credit Protection Act 2009;
  • the Personal Property Securities Act 2009 (for example, if relevant, for search and registration purposes);
  • the Financial Sector (Collection of Data) Act 2001 and other regulatory legislation; and
  • the Taxation Administration Act 1953, the Income Tax Assessment Act 1936 and 1997 and other taxation laws and regulations.

Using your information for marketing purposes

We may use your personal information to tell you about products or services (including those of third parties or related companies) that we think you might be interested in, unless you opt-out. We may do this by email, SMS or any other electronic means.

We may also market our products to you through third party channels (such as social networking sites), or via other companies who assist us to market our products and services. We may also use de-identified data to help place communications in the media that are most relevant to you.

If you don’t want to receive marketing information, you can tell us by:

  • calling 13 30 80; or
  • clicking the “Unsubscribe” link in our marketing emails (we’ll make sure we always include this link).

From time to time, we may ask credit reporting bodies to use your credit-related information to pre-screen you for marketing purposes (for example, to determine your eligibility for certain credit products). You can let the credit reporting body know that you don’t want your information to be used in this way.

How we share your information

We know that the privacy of the information you provide us is important to you. Sometimes we might share your personal information (including credit-related information) with others for the reasons listed above, including to:

  • credit reporting bodies or financial services suppliers;
  • other financial institutions and external payment systems operators;
  • our related companies, assignees, agents, contractors and external advisors (like our accountants and legal advisors);
  • businesses who provide services to us (for example, organisations we use to verify your identity and assist us in providing our account aggregation service);
  • debt collection agencies;
  • your referees, including your employer;
  • a third party who introduces you to us;
  • the government, external dispute resolution services and law enforcement agencies or regulators;
  • your and our insurers or prospective insurers and their underwriters;
  • the borrower, if you are a guarantor;
  • other organisations with whom we have alliances or arrangements (including rewards programs) for the purpose of promoting our respective products and services (and any agents used by us and our business partners in administering such an arrangement or alliance);
  • anyone supplying goods or services to you in connection with a rewards program associated with a facility we provide to you;
  • your current and prospective co-borrowers, guarantors, co-guarantors or security providers;
  • other organisations (including our related bodies corporate) for the marketing of their products and services (unless you tell us not to);
  • any person to the extent necessary, in our view, in order to carry out any instruction you give to us; and
  • organisations involved in our funding arrangements (including loan purchasers, investors and advisers).

We might also share your information for any other reason permitted by law. In some circumstances, we may require your consent before being able to share your personal information at which point we will seek this from you.

Overseas disclosure of personal information

We may share your personal information with contracted service providers and other organisations with overseas operations including those who perform technology and operational functions on our behalf. Countries may include USA, the Philippines, Romania and countries listed at

When we do share personal information overseas, we take all reasonable care to prevent unauthorised access to, modification and disclosure of, your personal information and require overseas recipients to do the same.

Electronic verification

With your consent, we may share your full name, date of birth and residential address with a credit reporting body to help us verify your identity.

Dealing with your credit-related information

When you apply to us for credit or choose to be a guarantor, we will usually obtain a credit report about you from a credit reporting body. This report gives us information about your credit history and other credit-related information collected. We use this to assess your creditworthiness (and to decide whether to offer you credit).

Your credit report will usually only contain information from the past five years. It may contain information from up to the past seven years if you have committed a serious credit infringement.

We may collect and share credit-related information with credit reporting bodies about your credit accounts. This may include information about the date you opened (and closed) a credit account, the account type, the credit limit, your repayment history, any temporary or permanent hardship arrangements and details relating to any defaults or serious credit infringements (like obtaining credit by fraud). This information may be included in reports that the credit reporting body gives to other organisations to help them assess your creditworthiness. Information we provide may reflect negatively on your creditworthiness and may impact your ability to get credit from other lenders.

The main types of credit-related information we hold, or share with or collect from a credit reporting body, include:

  • your current loans;
  • loans you have applied for;
  • if available, your repayment history on any loans and your default history;
  • information about whether you were provided with a permanent or temporary arrangement due to hardship and, if so, whether you met the requirements of such an arrangement;
  • your credit report;
  • scores, ratings and evaluations relating to your creditworthiness that we have derived from your credit report;
  • any payment defaults reported by service providers such as telcommunication and energy companies;
  • whether there are any Court judgments against you;
  • whether you are, or have recently been, a bankrupt; and
  • whether you have committed fraud or any serious credit infringements.

If your credit report is different from what you have told us about your financial history, we may ask you to explain this.

The credit reporting bodies we may deal with are:

For more information about our credit information handling practices, please refer to the NAB Group Credit Reporting Policy.

What if you think you are a victim of fraud?

If you think you are or could be a victim of fraud (including identity fraud), you can ask a credit reporting body not to use or give your credit-related information to any anyone for a 21 day period (unless the use or disclosure is required by law). It’s a good idea to make requests to each major credit reporting body, as you may have a credit report with more than one credit reporting body.

How we hold and protect your information

We maintain strict industry standards and procedures in order to take all reasonable care to prevent unauthorised access to, modification and disclosure of, your personal information (including credit-related information) and protect it from misuse and loss. If we no longer need your information, we will take reasonable steps to destroy or de-identify it.

If there is a data breach and we reasonably believe that this is likely to result in serious harm to you, we will notify you of the breach and the regulator if we’re required to by law.

How you can access your information

If you’re curious about what personal information (including credit-related information) we hold about you, you can let us know by contacting us. We will confirm your identity before we give this to you and will try to give you access to your information within a reasonable period of time (at least within 30 days, if the information is credit-related information provided by, or derived from information from, a credit reporting body).

We don’t charge you for asking us for your personal information. However, in order to cover our costs of finding and collecting the material, we may charge you a fee – but we’ll make sure you’re aware of how much this is likely to be before we do this.

There may be times when we decide to refuse access to your personal information (including credit-related information). For example, we may refuse access to information that is commercially sensitive, if disclosure would unreasonably impact on someone else’s privacy, or if we are prevented by law from disclosing the information (or providing access would prejudice an ongoing investigation). If we do this, we’ll let you know in writing.

How you can correct your information

If you believe that we have incorrect, incomplete or out-of-date information about you, let us know as soon as possible so that we can update it. However, if we don’t think the information we have about you is incorrect, we’ll provide you with a written explanation.

If the incorrect information was given to us by a credit reporting body, we may need to check with the credit reporting body or the credit provider before we correct this. We’ll aim to make sure your information is updated within 30 days – however, if we can’t help you within that timeframe, we’ll ask you for extra time and will explain why.

Personal information about others

If you give us personal information about someone else (for example, a referee) please make sure you have their permission. You’re responsible for letting them know that they can refer to our privacy policy on how we’ll handle their personal information, and that they have a right to access the information that we hold about them.

Government identifiers

We don’t use your tax file number, Medicare number, pension number or any other government identifier as our customer identifier. We’ll only use and share these numbers for purposes required by law.

What if you have a concern about your personal information?

We want to make sure you have confidence in how we handle your personal information. If you have a concern about our handling of your personal information (including credit-related information), please let us know using the “Contact Us” page on our website or by calling us on 13 30 80.

We will acknowledge your complaint as soon as we can. We take complaints seriously and aim to resolve them as quickly as possible. We will take no more than 30 days to deal with your concern.

If you are still unsatisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) as follows:

Office of the Australian Information Commissioner


Call: 1300 363 992

Mail: GPO Box 5218, Sydney NSW 2001

Certain privacy complaints relating to either the provision of credit or credit reporting information in general can be referred to the Australian Financial Complaints Authority (AFCA), the external dispute resolution scheme we are a member of. This is a free service. AFCA can be contacted as follows:

Australian Financial Complaints Authority


Call: 1800 931 678

Mail: GPO Box 3, Melbourne VIC 3001

Any questions?


Call: 13 30 80 (or +61 2 9070 0202 if overseas)


Original ubank products
Privacy policy

Respecting your privacy

We respect your personal information, and this Privacy Policy explains how we handle it. Ubank is a division of the National Australia Bank Limited, and we take appropriate measures to ensure NAB can engage securely with and for our customers. The policy covers National Australia Bank Ltd ABN 12 004 044 937 and all its related companies, including their subsidiaries (the ‘NAB Group’), which includes all of our banking, financing, funds management, financial planning, superannuation, insurance, broking and e-commerce organisations. As some of our related companies may have specific legal requirements, they may have separate, but consistent policies. Please view these if they are more relevant to your relationship with the Group.

This Policy also includes our NAB Group credit reporting policy, that is, it covers additional information on how we manage your personal information collected in connection with a credit application, or a credit facility. We refer to this credit-related information below as credit information.

What personal information do we collect and hold?

General information

The types of information that we collect and hold about you could include:

  • ID information such as your name, image, postal or email address, telephone numbers, and date of birth;
  • other contact details such as social media handles;
  • financial details such as your tax file number;
  • health and biometric information (e.g. fingerprints, voice patterns) where permitted;
  • information about how you interact with us when you use internet or mobile banking (such as information about how you use your devices);
  • device information, such as which browser you use, your operating system language and how you use your device;
  • your location or activity including IP address and geolocation data based on the GPS of your mobile device (when accessing our services), and whether you’ve accessed third party sites
  • credit information such as details relating to credit history, credit capacity, and eligibility for credit (‘credit worthiness’); and
  • other information we think is necessary.

Over the course of our relationship with you, we may collect and hold additional personal information about you, including transactional information, account or policy information, complaint or enquiries about your product or service.

If you have general enquiry type questions, you can choose to do this anonymously or use a pseudonym. We might not always be able to interact with you this way however as we are often governed by strict regulations that require us to know who we’re dealing with.

Credit information

When we’re checking your credit worthiness and at other times, we might collect information about you from and give it to credit reporting bodies. This information can include:

  • ID information: a record of your name(s) (including an alias or previous name), date of birth, gender, current or last known address and previous two addresses, name of current or last known employer and drivers licence number.
  • Information request: a record of a lender asking a credit reporting body for information in relation to a credit application, including the type and amount of credit applied for.
  • Default information: a record of your consumer credit payments being overdue.
  • Serious credit infringement: a record of when a lender reasonably believes that there has been a fraud relating to your consumer credit or that you have avoided paying your consumer credit payments and the credit provider can’t find you.
  • Personal insolvency information: a record relating to your bankruptcy or your entry into a debt agreement or personal insolvency agreement.
  • Court proceedings information: an Australian court judgment relating to your credit.
  • Publicly available information: a record relating to your activities in Australia and your credit worthiness.
  • Consumer credit liability information: certain details relating to your consumer credit, such as the name of the credit provider, whether the credit provider has an Australian Credit Licence, the type of consumer credit, the day on which the consumer credit was entered into and terminated, the maximum amount of credit available and certain repayment terms and conditions.
  • Repayment history information: a record of whether or not you’ve made monthly consumer credit payments and when they were paid.
  • Financial Hardship Information: (On and from 1 July 2022) information about whether you were provided with a permanent or temporary arrangement due to hardship and, if so, whether you met the requirements of such an arrangement.
  • Payment information: If a lender gave a credit reporting body default information about you and the overdue amount is paid, a statement that the payment has been made.
  • New arrangement information: If a lender gave a credit reporting body default information about you and your consumer credit contract is varied or replaced, a statement about this.

We base some things on the information we get from credit reporting bodies, such as:

  • our summaries of what the credit reporting bodies tell us; and
  • credit scores: a credit score is a calculation that lets us know how likely a credit applicant will repay credit we may make available to them.

Information that we get from a credit reporting body or information we derive from such information is known as credit eligibility information.

What sensitive information do we collect?

Sometimes we need to collect sensitive information1 about you. This could include information about your health or reasons relating to hardship. Unless required or authorised by law, we will only collect sensitive information with your consent.

When the law authorises or requires us to collect information

We may collect information about you because we are required or authorised by law to collect it. There are laws that affect financial institutions, including company and tax law, which require us to collect personal information. For example, we require personal information to verify your identity under Commonwealth Anti-Money Laundering law.

What do we collect via your website activity?

When you use NAB Group websites or mobile applications we may collect information about your location or activity including IP address, telephone number and whether you’ve accessed third party site. If you use internet banking or our websites, we monitor your use of those online interactions. This is done to ensure we can verify you and you can receive information from us, to identify ways we can improve our services for you and to understand you better. Some of this website or application information is collected using cookies. For more information on how we use cookies and tracking tags see our Cookies Policy

If you start but don’t submit an online form we can contact you using any of the contact details you’ve supplied or other contact details we have for you to offer help (unless the use is anonymous).

We also know that some customers like to engage with us through social media channels. We may collect information about you when you interact with us through these channels. For all confidential matters, please interact with us via secure channels.

Much of this data collection is done through the use of cookies and used to improve our services and enhance users online experience with us (e.g. website statistics), does not identify individual customers but does identify internet browser. Where we do identify you (such as where customers are logged onto our online services), NAB Group treats any use or disclosure in accordance with this policy.

1 Sensitive information is information about a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record, health information, genetic or biometric information.

How do we collect your personal information?

How we collect and hold your information

There are many ways we seek information from you. We might collect your information when you fill out a form with us, when we collect identification information verifying who you are from you, when you’ve given us a call, used our websites or dropped into one of our branches. In addition, when you use our website or mobile applications we may collect information about your IP address, location, device usage or activity. We also find using electronic means, such as email or SMS, a convenient way to communicate with you and to verify your details, including doing e-verification of identity (e-Know Your Customer). However, we’ll never ask you for your security details in this way – if you are ever unsure, just contact us. We will try to collect personal information directly from you unless it’s unreasonable or impracticable. For this reason, it’s important that you keep your contact details up-to-date.

How we collect your information from other sources

Sometimes we collect information about you from other sources. We may collect information about you that is publicly available (for example from public registers or social media) or made available by third parties. For instance, we do this where:

  • we distribute or arrange products on behalf of others, including our business partners;
  • we can’t get hold of you and need to update your contact details;
  • we need information from third parties about an application you make through us;
  • we need information for fraud prevention purposes;
  • we need to the information for identity validation or verification purposes;
  • we are checking the security you are offering;
  • we can learn insight about your financial needs, such as through property information;
  • you have consented to third parties sharing it with us, such as organisations we have loyalty programs with or we sponsor;
  • at your request, we exchange information with your legal or financial advisers or other representatives.

We may use or disclose information about you in order to combine the information that we hold with information collected from or held by external sources. We do this in order to enable the development of customer insights about you so that we can serve you better. This includes being able to better understand your preferences and interests, personalise your experience, enhance the products and services you receive, and to tell you about products and services that may be of interest to you. Where those insights are provided to others, such insights are based on aggregated information and do not contain any information that identifies you. We may also use service providers to undertake the process of creating these consumer insights.

What if you don’t want to provide us with your personal information?

If you don’t provide your personal information to us, we may not be able to:

  • provide you with the product or service you want;
  • manage or administer your product or service;
  • verify your identity or protect against fraud and help detect unauthorised operation of your accounts by third parties; or
  • let you know about other products or services from across the Group that might better meet your financial, e-commerce and lifestyle needs.

How we collect and hold your credit information

We will collect your credit information from details included in your application for credit (whether paper based, phone or electronic). In addition to what we say above about collecting information from other sources, other main sources for collecting credit information are:

  • credit reporting bodies and other credit providers;
  • your co-loan applicants or co-borrowers, as well as your guarantors/proposed guarantors;
  • your employer, accountant, real estate agent or other referees;
  • your agents and other representatives like your referrers, brokers, solicitors, conveyancers and settlement agents;
  • organisations that help us to process credit applications such as mortgage managers;
  • organisations that check the security you are offering such as valuers;
  • organisations involved in the securitisation of our loans such as loan servicers, trust managers, trustees and security trustees;
  • organisations providing lenders mortgage insurance and title insurance to us or our related lenders;
  • bodies that issue identification documents to help us check your identity; and
  • our service providers involved in helping us to provide credit or to administer credit products, including our debt collectors and our legal advisers.

What do we do when we get information we didn’t ask for?

Where we receive unsolicited information, we will check whether that information is reasonably necessary for our functions or activities. If it is, we’ll handle this information the same way we do with other information we seek from you. If not, we’ll ensure we do the right thing and destroy or de-identify it or make it inaccessible.

When will we notify you that we have received your information?

When we receive personal information from you, we’ll take reasonable steps to notify you how and why we collected your information, who we may disclose it to and outline how you can access it, seek correction of it or make a complaint.

Where we collect your personal information from third parties we will take reasonable steps to notify you of the circumstances of that collection. We recommend our customers regularly review our website to review updates to this policy and our Privacy notification.

How do we take care of your personal information?

We store information in different ways, including in paper and electronic form. The security of your personal information is important to us and we take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. Some of the ways we do this are:

  • confidentiality requirements and privacy training of our employees;
  • document storage security policies;
  • security measures to control access to our systems and premises;
  • only giving access to personal information to a person who is verified to be able to receive that information;
  • ensuring third parties we appoint as our contractors or agents, including those located overseas meet NAB Group’s privacy obligations; and
  • electronic security systems, such as firewalls and data encryption on our websites.

We can store personal information physically or electronically with third party data storage providers. Where we do this, we use contractual arrangements to ensure those providers take appropriate measures to protect that information and restrict the uses to which they can put that information.

What happens when we no longer need your information?

We’ll only keep your information for as long as we require it for our purposes. We’re also required to keep some of your information for certain periods of time under law, including under the Corporations Act and the Anti-Money Laundering & Counter-Terrorism Financing Act for example. When we no longer require your information, we’ll ensure that your information is destroyed, de-identified or rendered inaccessible.

How we use your personal information

What are the reasons we collect, hold and use your information?

Because we offer a range of services and products, collecting your personal information allows us to provide and administer you with the products and services you’ve asked for and to otherwise operate our business. This means we will use your information to:

  • provide you with information about products and services, including financial help guidance and advice;
  • consider your request for products and services, including your eligibility;
  • process your application and provide you with products and services; and
  • administer products and services which includes answering your requests and complaints, varying products and services, conducting market research, taking any required legal action in relation to our accounts and managing our relevant product portfolios
    • identifying you or verifying your authority to act on behalf of a customer;
    • telling you about other products or services that may be of interest to you, or running competitions and other promotions (this can be via email, telephone, SMS, iM, mail, or any other electronic means including via social networking forums), unless you tell us not to;
    • identifying opportunities to improve our service to you and improving our service to you;
    • determining whether a beneficiary will be paid a benefit;
    • assisting in arrangements with other organisations (such as loyalty program partners where you belong to such programs) in relation to a product or service we make available to you;
    • allowing us to run our business and perform administrative and operational tasks (such as training staff, risk management; developing and marketing products and services, undertaking planning, research and statistical analysis; and systems development and testing);
    • preventing, detecting or investigating any fraud or crime, or any suspected fraud or crime;
    • as required by law, regulation or codes binding us; and
    • for any purpose for which you have given your consent.

If applicable, we may also use your information for the purposes of verification of your identity as required by relevant state and territory electronic conveyancing and property laws. If you do not provide your information, settlement of your loan may not be able to proceed. We use a third party to provide us with identity verification services and they in turn may use and disclose your personal information for the purposes of administration of the verification services. We need to use these third party identity verification services for electronic conveyancing (where applicable) and – with your consent – in meeting our ongoing know-your-customer obligations under anti money laundering laws.

Can we use your information for marketing our products and services?

We may use or disclose your personal information to let you know about products and services that we believe may be of interest to you, including products and services from our related companies or from those we distribute products on their behalf. We will not do this if you tell us not to.

Such marketing activities may be via email, telephone, SMS, instant message, mail, or any other electronic means, including targeted advertising through NAB Group or other websites.

We may also market our products to you through third party channels (such as social networking sites), or via other companies who assist us to market our products and services. We may use de-identified data to help place communications in the media that are most relevant to you.

Where we market to prospective customers, we are happy to let them know how we obtained their information and will provide easy to follow opt-outs.

With your consent, we may disclose your personal information to third parties such as brokers or agents, or for the purpose of connecting you with other businesses or customers. You can ask us not to do this at any time.

Yes, You Can Opt-Out

You can let us know at any time if you no longer wish to receive direct marketing offers (see ‘Contact Us’). We will process your request as soon as practicable.

Where you have subscribed to something specific (like to hear from one of our sponsored organisations) then these subscriptions will be managed separately. If you no longer wish to receive these emails click the unsubscribe link included in the footer of our emails.

We know that you may prefer to receive some types of messages over others, so where possible we will offer you a choice. For instance, if you’d like to keep receiving particular messages but not others, then if we can, we will offer you a way to indicate that choice to us we will do so.

You can always update your preferences at any time.

How we use your credit information

In addition to the ways for using personal information mentioned above, we may also use your credit information to:

  • enable a mortgage insurer or title insurer to assess the risk of providing insurance to us or to address our contractual arrangements with the insurer;
  • assess whether to accept a guarantor or the risk of a guarantor being unable to meet their obligations;
  • consider hardship requests; and
  • assess whether to securitise loans and to arrange the securitising of loans.

Who do we share your personal information with?

To make sure we can meet your specific needs and for the purposes described in ‘How we use your personal information’, we sometimes need to share your personal information with others.

Sharing with the NAB Group

We may share your personal information with other NAB Group members. This could depend on the product or service you have applied for and the NAB Group member you are dealing with but will not differ from those purposes outlined above. Where appropriate we integrate the information we hold across the NAB Group to provide us with a complete understanding of your product holdings and your needs. For example, where you hold a NAB Internet Banking ID and NAB Group superannuation product, some of the information we hold about you may also be exchanged for specific purposes such as allowing you to see your account summary information (e.g. balance) through NAB Internet Banking. We may share credit eligibility information (that is, credit information we obtain about you from a credit reporting body or that we derive from that information) with other Group members to enable that Group member to process another credit application you make to it and to collect any payment that is overdue in relation to that credit facility.

Sharing with MLC Limited

NAB acts for MLC Limited ABN 90 000 000 402 (described as MLC Life Insurance) in distributing their life insurance products. MLC Limited is no longer part of the NAB Group of companies. Only if you have in the past been referred to MLC Limited by us and are one of their customers, we may exchange personal information with MLC Limited or their service providers in order to administer and manage your life insurance products that are issued by them. We may also need to share information to ensure:

  • your insurance premium is calculated correctly (balance information may be required to be shared so your insurance can be calculated) and where authorised, make payments on your behalf to MLC Limited;
  • insurance claims and benefits are paid;
  • a smooth customer experience when you contact us, including:
    • we can transfer you to the right service centre;
    • where appropriate, NAB and MLC Limited can cooperate in order to handle your complaint;
    • being able to provide assistance should you wish to speak about your MLC Limited products held (e.g. where possible, we may assist by updating contact details on request).

Some of the information exchanged will be stored and visible within NAB Group customer databases to authorised employees; with some of these databases being accessible to a limited number of employees of MLC Limited, who are subject to monitoring, for a limited transition period. All information stored in these databases is subject to this privacy policy as well as NAB Group’s security procedures and controls.

Sharing with Credit Reporting bodies

We may disclose information about you to a credit reporting body if you are applying for credit or you have obtained credit from us or if you guarantee or are considering guaranteeing the obligations of another person to us or you are a director of a company that is loan applicant or borrower or guarantor. This may include information about the date you opened (and closed) a credit account, the account type, the credit limit, your repayment history, any temporary or permanent payment arrangements (from 1 July 2022) and details relating to any defaults or serious credit infringements. When we give your information to a credit reporting body, it may be included in reports that the credit reporting body gives other organisations (such as other lenders) to help them assess your credit worthiness.

Some of that information may reflect adversely on your credit worthiness, for example, if you fail to make payments or if you commit a serious credit infringement (like obtaining credit by fraud). That sort of information may affect your ability to get credit from other lenders.

Sharing with third parties

We may disclose your personal information to third parties outside of the Group, including:

  • those involved in providing, managing or administering your product or service;
  • authorised representatives of the NAB Group who sell products or services on our behalf;
  • credit reporting bodies or other approved third parties who are authorised to assess the validity of identification information;
  • insurance, investment, superannuation and managed funds organisations, and their advisers and service provider;
  • medical professionals, medical facilities or health authorities who verify any health information you may provide;
  • real estate agents, valuers and insurers (including lenders’ mortgage insurers and title insurers), re-insurers, claim assessors and investigators;
  • brokers or referrers who refer your application or business to us;
  • other financial institutions, such as banks, as well as guarantors and prospective guarantors of your facility;
  • organisations involved in debt collecting, including purchasers of debt;
  • fraud reporting agencies (including organisations that assist with fraud investigations and organisations established to identify, investigate and/or prevent any fraud, suspected fraud, crime, suspected crime, or misconduct of a serious nature);
  • organisations involved in surveying or registering a security property or which otherwise have an interest in such property;
  • organisations we sponsor and loyalty program partners, including organisations the NAB Group has an arrangement with to jointly offer products or has an alliance with to share information for marketing purposes;
  • companies we arrange or distribute products for, such as insurance products;
  • rating agencies to the extent necessary to allow the rating agency to rate particular investments;
  • any party involved in securitising your facility, including the Reserve Bank of Australia (sometimes this information is de-identified), re-insurers and underwriters, loan servicers, trust managers, trustees and security trustees;
  • service providers that maintain, review and develop our business systems, procedures and technology infrastructure, including testing or upgrading our computer systems;
  • payments systems organisations including merchants, payment organisations and organisations that produce cards, cheque books or statements for us;
  • our joint venture partners that conduct business with us;
  • organisations involved in a corporate re-organisation or transfer of NAB Group assets or business;
  • organisations that assist with our product planning, analytics, research and development;
  • mailing houses and telemarketing agencies and media organisations who assist us to communicate with you, including media or social networking sites;
  • other organisations involved in our normal business practices, including our agents and contractors, as well as our accountants, auditors or lawyers and other external advisers (e.g. consultants and any independent customer advocates);
  • government or regulatory bodies (including the Australian Securities and Investment Commission and the Australian Tax Office) as required or authorised by law (in some instances these bodies may share it with relevant foreign authorities); and
  • where you’ve given your consent or at your request, including to your representatives, or advisors, translators or (if you are experiencing vulnerability) other nominated supportive/assistance parties.

Sharing outside of Australia

We run our business in Australia and overseas. We may need to share some of your information (including credit information) with organisations outside Australia. Sometimes, we may need to ask you before this happens. You can view a list of the countries in which those overseas organisations are located at

Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.

We will not share any of your credit information with a credit reporting body, unless it has a business operation in Australia. We are not likely to share credit eligibility information (that is, credit information we obtain about you from a credit reporting body or that we derive from that information) with organisations unless they have business operations in Australia. However in the event NAB seeks assistance from a related company to manage defaulting loans, we may need as a consequence disclose credit eligibility information to the Bank of New Zealand (a member of the NAB Group), located in New Zealand. We are likely to share other credit information about you with organisations outside Australia. A list of countries in which those overseas organisations are located is set out above.

How do you access your personal information?

How you can generally access your information

We’ll always give you access to your personal information unless there are justifiable reasons why we can’t. You can ask us to access your personal information that we hold by filling out the Personal Access form. In some cases we may be able to deal with your request over the phone. See ‘Contact Us’ if you would like a copy of the form to be sent out to you.

We will give you access to your information in the form you want it, where it’s reasonable and practical (such as a copy of a phone call you may have had with us – we can put it on a disk for you). If meeting your request requires a significant amount of resources, we may charge you a small fee to cover our costs when giving you access, but we’ll always check with you first. You can find the schedule of fees explained on the Access form.

If we validly deny your access request, we will tell you why in writing. See ‘Contact Us’.

How to access your credit eligibility information

Where you request access to credit information about you that we’ve got from credit reporting bodies (or based on that information), we will:

  • provide you access to the information within 30 days (unless unusual circumstances apply); and
  • ask you to check with credit reporting bodies what information they hold about you.

This is to ensure it is accurate and up-to-date.

If we can’t give you access, we will tell you why in writing. If you have concerns, you can complain to our external dispute resolution scheme, AFCA.

How do you correct your personal information?

Contact us if you think there is something wrong with the information we hold about you. If you are worried that we have given incorrect information to others, you can ask us to tell them about the correction. We’ll try and help where we can – if we can’t, then we’ll let you know in writing.

Correcting your credit information

Whether we made the mistake or someone else made it, we are required to help you correct the information within 30 days. If we can’t make a correction in that timeframe, we will ask you for extra time. We also might need to talk to others in order to process your request. The most efficient way for you to make a correction request is to ask the organisation which made the mistake.

Whether we’re able to correct the information or not, we’ll let you know within five business days of deciding to do this. If we can’t we will provide reasons. We’ll also let the relevant third parties know as well as any others you tell us about. If there are any instances where we can’t do this, then we’ll let you know in writing. If you have any concerns, you can access the Australian Financial Complaints Authority.

How do you make a complaint?

If you have a complaint about how we handle your personal information, we want to hear from you. You are always welcome to contact us. We are committed to resolving your complaint and doing the right thing by our customers. Most complaints are resolved quickly, and you should hear from us within five business days (see ‘Contact Us’).

What about complaints relating to credit information?

We will let you know how we will deal with your complaint within seven days.

If we can’t fix things within 30 days, we’ll let you know why and how long we think it will take. We will also ask you for an extension of time to fix the matter. If you have any concerns, you may complain to the Australian Financial Complaints Authority.

If your complaint relates to how we handled your access and correction requests you may take your complaint directly to the Australian Financial Complaints Authority. You are not required to let us try to fix it first.

Contact details for escalating complaints

Need more help?

Australian Financial Complaints Authority

Contact details for Credit Reporting Bodies

As outlined above, when we’re checking your credit worthiness and at other times, we might collect information about you from and give it to one of more credit reporting bodies. The contact details of the credit reporting bodies we use outlined below. Each credit reporting body has a credit reporting policy about how they handle your information. You can obtain copies of these policies at their websites.


Experian Australia


Contact credit reporting bodies if you think you have been the victim of a fraud

If you believe that you have been or are likely to be the victim of fraud (including identify fraud), you can request a credit reporting body not to use or disclose the information they hold about you. If you do this, the credit reporting body must not use or disclose the information during an initial 21 day period without your consent (unless the use or disclosure is required by law). This is known as a ban period.

If, after the initial 21 day ban period, the credit reporting body believes on reasonable grounds that you continue to be or are likely to be the victim of fraud, the credit reporting body must extend the ban period as they think reasonable in the circumstances. The credit reporting body must give you a written notice of the extension.

Contact credit reporting bodies if you don’t want your information used by them for direct marketing/pre screening purposes.

Credit reporting bodies can use the personal information about you that they collect for a pre-screening assessment at the request of a credit provider unless you ask them not to. A pre-screening assessment is an assessment of individuals to see if they satisfy particular eligibility requirements of a credit provider to receive direct marketing. You have the right to contact a credit reporting body to say that you don’t want your information used in pre-screening assessments. If you do this, the credit reporting body must not use your information for that purpose.

Contact Us

We care about what you think. Please contact us if you have any questions or comments about our privacy policies and procedures. We welcome your feedback.

  • Calling our Customer Experience Specialist on 13 30 80 (+61 2 9070 0202 from overseas)
  • You can send a letter to us via
    ubank Reply Paid 1466
    North Sydney, NSW 2059

Users who are deaf, or have a hearing or speech impairment can call through the National Relay Service:

Changes to this privacy policy

This Policy may change from time to time. Please visit our website regularly as we will let you know of any changes to this Policy by posting a notification on our website. In addition, over the course of our relationship with you, we may tell you more about how we handle your information. This could be when you complete an application or form, or receive important disclosure documents from us, such as terms and conditions or a Product Disclosure Statement. We recommend that you review these statements too as they may have more specific detail for your particular product holdings.