Privacy and Credit Reporting Policy
This policy explains how we will manage and protect your personal information (including your credit-related information), and applies to the personal information of our customers and any other person we may deal with as part of our business.
This policy is effective as at 20 May 2019. Sometimes we will update this policy – you can always find the most up-to-date version on our website at www.greater.com.au/legal/privacy-policy, or request a copy free of charge by visiting any of our branches or by contacting us on 1300 651 400.
This policy covers Greater Bank Limited ABN 88 087 651 956 and Greater Investments Services Pty Ltd ABN 78 050 287 324.
References to “Greater Bank”, “our”, “us” or “we” refer to Greater Bank Limited ABN 88 087 651 956 and Greater Investment Services Pty Ltd ABN 78 050 287 324.
What is personal information?
Personal information is information or an opinion about an individual who is identified or who can be reasonably identified (for example, your name and date of birth). It includes credit-related information and sensitive information.
Credit-related information is a type of personal information. It includes:
(a) “credit information”, which is personal information that has a bearing on credit that has been provided to you or that you have applied for, including credit for personal, domestic or household purposes and in connection with a business (such as your identification details, information about your account, the type and amount of credit, and your repayment history information, such as whether you have made or missed a payment on your credit facility);
(b) “credit eligibility information”, which is information related primarily to your credit-related dealings with other credit providers and includes credit reporting information disclosed by credit reporting bodies to us; and
(c) “CP derived information”, which is personal information that is derived from credit reporting information about you disclosed to us by a credit reporting body, that has a bearing on your credit worthiness and is used, has been used or could be used in establishing your eligibility for consumer credit, such as our internal credit scores.
Sensitive information is another type of personal information. This is information which is sensitive in nature (for example, your racial or ethnic origin, your political opinions, religious or philosophical beliefs, membership of a professional or trade association or union, and health information). We only collect sensitive information from you if it is necessary in the circumstances and you have consented to that collection.
1. What personal information do we collect and hold about you?
The types of personal information we may collect and hold about you include:
- important information about your identity and your contact details - for example, your name, residential address, e-mail address, telephone numbers, date of birth, marital status, gender and your employment and occupation details;
- information about your financial position, including your income, expenses, savings and assets;
- credit-related information as defined above, which includes information about your past experiences with us and other credit providers, such as the kinds of credit you have or have sought and how you managed your obligations under these credit products;
- your tax file number and tax residency status (or your country of taxation obligation and taxation identification number, where applicable);
- financial and transaction information, account or policy information and other information relating to products and services held;
- the reason that you might be applying for a product or service;
- records of your contact and other correspondence with us (including any complaints or enquiries you have made);
- your responses to real time surveys or polls seeking feedback on our relationship with you (including to improve our service to you);
- lifestyle information;
- information regarding your personal insolvency or any court proceedings;
- your directorships, other office holdings, shareholdings and similar interests;
- when you visit our website (or mobile app or internet banking site) – your location and activity information, IP address and any third-party sites you access. For more information about how this works, visit the Terms and Conditions page of our website; and
- other information we think is necessary.
In limited circumstances, we may collect sensitive information about you (for example, about your health when you make an application for hardship). If we need this information, we will ask for your permission (unless the law does not require us to do so).
2. How is your personal information collected?
Most of your personal information (including credit-related information) will be collected directly from you. For example, we will collect your personal information:
- when you submit an application (or other form) to us or provide us with supporting documents or otherwise apply for products or services offered or distributed by us;
- when you deal with us (including when you make an enquiry or complaint) by email, SMS, mail, telephone, online or in any of our branches;
- when you visit our website; and
- when you enter into a competition we are running or when we sponsor you or an event you are involved with.
We may also collect your personal information when you use our products and services (for example, when you use your account with us to make transactions or repayments).
In some circumstances, we may need to obtain personal information (including credit-related information) about you from others. For example, we may collect information about you from:
- our related companies;
- current and/or previous employers (for example, to confirm your employment and income details);
- other credit providers;
- the borrower, if you are a guarantor or an additional card holder;
- the account holder, if you are an additional card holder;
- a joint account holder;
- publicly available sources of information, such as public registers, social media, LinkedIn and other online networks or platforms;
- your representatives (for example, your legal advisor, accountant, financial advisor, executor, administrator, guardian, trustee, or attorney);
- any referees you provide;
- other organisations who, jointly with us, provide products or services to you (including persons who we arrange or distribute products on behalf of);
- our service providers, such as credit reporting bodies, and companies that provide fraud prevention reports or provide identity verification services; and
- any other person (for example, a spouse or other relative) who holds personal information that we need to provide a product or service to you, and it is otherwise unreasonable or impractical to obtain that information directly from you.
3. How do we use and share your personal information?
We use and share your personal information (including credit-related information) so that we can provide products and services to you, and manage or administer our business and our relationship with you.
We may use and share your personal information so we can:
- confirm your identity;
- undertake due diligence in relation to you (for example, your tax and employment status) or any security;
- provide you with information about our products and services;
- consider your or a borrower’s request for products and services (including to assess your eligibility for a product or service, or to act as a guarantor, signatory, representative or additional card holder);
- process your application;
- derive scores, ratings and evaluations relating to your credit worthiness which we use in our decision-making processes and unsuitability assessments;
- carry out your instructions;
- establish, provide and administer the products and services we provide to you;
- process payments and invoices, and collect overdue payments;
- contact you and manage our relationship with you (including dealing with any complaints or enquiries you have made), and improve our service;
- discuss with you (or, where the law allows, a relevant third party like a relative or carer) any unusual behaviour in relation to your account with us;
- manage our business (for example, to conduct market research, to manage and develop our business systems and infrastructure, and to manage our rights and obligations with third parties);
- tell you about other products or services that may be of interest to you (unless you tell us not to) or run competitions and sponsorship programmes;
- consider hardship requests;
- minimise risks and identify illegal activities (such as fraud, money laundering or terrorism financing and other misconduct) or other activities that may materially impact a product or service that we provide to you;
- undertake debt recovery and enforcement activities and deal with serious credit infringements as well as assisting other credit providers to do the same;
- manage legal action you or we are taking;
- develop and plan new products and services, conduct research and analytics, and carry out any internal audits;
- administer and manage any arrangements or dealings you have with us; and
- comply with laws, regulations and codes that bind us, and assist government or law enforcement agencies. For example, various Australian laws may require or authorise us to obtain information about you, such as:
- comply with laws, regulations and codes that bind us, and assist government or law enforcement agencies. For example, various Australian laws may require or authorise us to obtain information about you, such as:
- the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and other anti-money laundering legislation (for example, for identity verification);
- the National Consumer Credit Protection Act 2009 (Cth);
- the Personal Property Securities Act 2009 (Cth) (for example, if relevant, for search and registration purposes); and
- the Taxation Administration Act 1953 (Cth), the Income Tax Assessment Act 1936 and 1997 (Cth) and other taxation laws and regulations.
We may also use or share your information for other reasons where the law allows or requires us to do so (for example, a court, tribunal or external dispute resolution ruling or rule), or for any other purpose you have consented to.
Can we use your personal information for marketing products and services?
From time to time, we may use your personal information to tell you about products or services (including those of third parties) that we think you might be interested in.
We will do this unless you ask us not to. We may contact you by mail, email, telephone, SMS, or any other online, digital or electronic means. We might also provide your details to other organisations for marketing purposes.
You can let us know at any time if you no longer wish to receive marketing information by:
- clicking the “Unsubscribe” link in our email marketing messages (which will always include this link); or
- contacting us using the details set out in section 12.
4. What if you don't want to provide us with your personal information?
If you do not provide us with your personal information (including credit-related information), we may be unable to:
- provide you with the products or services you or a borrower have requested;
- assist or deal with you; or
- administer and manage our products or services, or our relationship with you.
We may freeze your access to a particular product or service, and cancel that product or service, if you do not provide us with information that we reasonably request and need to provide you with that product or service.
If you have a question of a general nature, you can choose to do this anonymously or by using a pseudonym – however, we might not always be able to interact with you in this way as there are laws that require us to know who we’re dealing with.
5. Who do we share your personal information with?
Where permitted under the Privacy Act, we may share your personal information (including credit-related information) with third parties, including:
- our related companies, assignees, agents, contractors and external advisors (including our accountants, tax advisors, auditors and lawyers);
- your agents, representatives or anyone who acts on your behalf (including your legal advisor, mortgage broker, financial advisor, accountant, executor, administrator, parent, guardian, trustee, attorney or referee);
- any person who makes a joint application for a product or service with you;
- any additional card holders or joint account holders;
- businesses and other persons who provide services to us (for example, organisations we use to verify your identity, organisations that assist with research and analytics, payment system operators, payment network operators, organisations that produce cards, cheque books or statements for us, information technology service providers, information technology shared service providers, valuers, quantity surveyors, real estate (including managing) agents and mailing houses);
- other organisations that we arrange or distribute products for or who have referral arrangements in place with us (e.g. financial advisors);
- organisations and persons involved in surveying or registering security property or who have an interest in security property;
- your and our insurers or re-insurers, where the insurance is in connection with a product or service we provide to you;
- your current and prospective co-borrowers, guarantors, co-guarantors or security providers;
- the borrower, if you are a guarantor;
- your current and/or previous employers (for example, if we need to confirm your employment), or any other person we need to verify your information with;
- credit reporting bodies (including so that your personal information can be included in your credit report and shared with other credit providers that participate in the credit reporting system);
- other credit providers, banks and financial institutions;
- debt collection agencies;
- fraud reporting agencies;
- national, state or territory authorities that give assistance to facilitate the provision of our products and services to you;
- any registers that relate to the services we provide (for example, the Personal Property Securities Register);
- entities that help identify and investigate inappropriate or illegal activity, such as fraud;
- entities that obtain an interest in your credit product (or are considering doing so) or that might otherwise be involved in a securitisation and their professional advisors (including investors, trustees, security trustees, managers, lenders’ mortgage insurers and rating agencies);
- statutory authorities (such as the Reserve Bank of Australia), government departments and agencies, external dispute resolution services, any court and law enforcement agencies or regulators; and
- any other person (such as a relative, guardian, agent, person appointed to manage your affairs or a carer) if we believe that disclosure is necessary to protect us or you, or is otherwise in your interest.
In some circumstances, we may require your consent before being able to share your personal information.
Sending personal information outside of Australia
We may need to share some of your personal information (including credit-related information) with organisations overseas (or organisations that have overseas or cloud-based data access or storage). The countries in which these overseas recipients are likely to be located include New Zealand, the United States, the United Kingdom, the Philippines, Canada and Germany.
We will only share personal information with overseas recipients for the purposes set out in this policy.
6. How do we exchange information with credit reporting bodies?
When you apply to us for credit or choose to be a guarantor, we may obtain a credit report about you from a credit reporting body. A credit report tells us about your credit history and other credit-related information collected, which we use to assess your creditworthiness. We may use your credit report to assess applications for consumer or commercial credit, assess the suitability of a proposed guarantor for a credit contract, assist in the avoidance of a credit default and the collection of overdue payments and assist with the internal management of credit and pre-screening.
The law limits what information we can give to credit reporting bodies, what they can give to us, and how we can use credit reports.
We may collect and share credit-related information with credit reporting bodies about your credit accounts. The information we can collect and share with credit reporting bodies includes:
- your identity;
- the type and amount of credit you have or have applied for – like credit cards, home loans, or personal loans;
- how much you’ve borrowed;
- if you’ve made all your repayments; and
- if you’ve defaulted, committed fraud or another serious credit infringement.
Credit reporting bodies include this information in their reports to assist other credit providers to assess your credit worthiness.
We can also ask credit reporting bodies to give us your overall credit score, and may use credit-related information from credit reporting bodies together with other information to arrive at our own scoring of your ability to manage credit.
The credit reporting bodies we may deal with are:
- Equifax Pty Ltd – www.equifax.com.au
- Illion Australia Pty Ltd (formerly Dun & Bradstreet) – www.illion.com.au
- Experian Australia Credit Services Pty Ltd – www.experian.com.au
You can obtain their privacy policies on their websites.
Direct marketing using your credit-related information
From time to time, we may ask credit reporting bodies to use your credit-related information to pre-screen you for direct marketing purposes (for example, to determine your eligibility for certain credit products). You can ask a credit reporting body not to use or give your credit related information in this way. To do so just contact the credit reporting body using the contact details noted on their websites above.
What if you think you are a victim of fraud?
If you think you are or could be a victim of fraud (including identity fraud), you can ask a credit reporting body not to use or give your credit-related information to anyone for a 21 day period (unless the use or disclosure is required by law). This is known as the initial ban period. It’s a good idea to make requests to each credit reporting body, as you may have a credit report with more than one credit reporting body.
At least 5 days before the end of the initial ban period, the credit reporting body will get in touch to inform you that you can extend the ban period and explain what information you need to provide to support your allegation of fraud. If you do not make a request to extend the ban period, you do not provide the information that the credit reporting body has requested or the credit reporting body does not believe on reasonable grounds that you have been or are likely to be a victim of fraud, the credit reporting body will remove the ban at the end of the ban period. If you make a request to extend the ban period, and the credit reporting body believes on reasonable grounds that you have or are likely to be a victim of fraud, the credit reporting body must extend the ban period by a period that it considers reasonable in the circumstances and provide you with notice of the extension. The same process will apply for each subsequent ban period.
7. How do we hold and protect your personal information?
We or third party service providers on our behalf may store your personal information (including credit-related information) in hard copy, digital or electronic records. The security of your personal information is important, and we take reasonable steps to ensure that all your personal information is protected from misuse, interference and loss, and from unauthorised access, modification and disclosure. Some of the ways we do this are by:
- imposing confidentiality requirements on staff, service providers and other people we deal with;
- training staff on privacy and information security;
- imposing security requirements on document storage and retention;
- monitoring online security systems;
- imposing security measures to control access to premises and systems (such as locks, passwords and permission restrictions); and
- using electronic security such as firewalls, data encryption and anti-virus software.
Any personal information that we transmit through our website and internet banking site is encrypted. However, like all internet communications, we cannot guarantee that information transmitted online is secure. To help protect your privacy, you should ensure that you keep your passwords and personal identification numbers safe, in accordance with our Deposit and Credit Accounts Terms and Conditions – Part 1. You must contact us as soon as practicable if your passwords and personal identification numbers are subject to unauthorised access, disclosure or loss.
If we no longer require your personal information (for example, we no longer need your information for business or legal reasons), we will take reasonable steps to ensure that this personal information is de-identified or destroyed.
8. How do we handle personal information collected on our website?
We handle any personal information collected on our website (www.greater.com.au) in accordance with our website’s Terms and Conditions (located at www.greater.com.au).
9. What happens if you want to access your personal information?
You have the right to ask us for a copy of the personal information we hold about you. You can do this by contacting us using the details set out in section 12. Before giving you access, we’ll need to confirm your identity. In some cases you’ll need to fill out a “Request for Copies of Security Documents” form or “Request for Access or Correction of Personal Information” form.
In most cases, we will be able to deal with your request immediately. If we aren’t able to give you the information within three business days we will, within that three business day period, acknowledge your request and contact you to provide you with an update.
When you request access to your credit-related information that we have received from credit reporting bodies, we will provide you with access to the information within 30 days. We’ll also tell you that you should check what information those credit reporting bodies hold about you (in order to ensure that you have access to the most up-to-date information).
We don’t charge you for asking us for your personal information. However, we may charge you a fee to cover our costs of finding and putting together the material if we give you access – but we’ll let you know how much it is likely to be in advance.
In some cases, we may refuse access to certain personal information (including credit-related information). For example, we might refuse access to information that is commercially sensitive, or would unreasonably impact on someone else’s privacy. If we do this, we’ll explain our decision to you in writing and provide you with information about how you can complain about the refusal. You can contact our Privacy Officer (see contact details set out in section 12) if you have any further concerns.
10. What happens if you want to correct or update your personal information?
We’ll try to ensure that the personal information we have about you is accurate, complete and up-to-date. If you think that the information we hold about you may be incorrect (including if your information has changed and needs to be updated), you have the right to ask us to correct or update the information. You can do this by contacting us using the details set out in section 12. If you’re concerned that we have given incorrect personal information to others, you can ask us to let them know about this correction – we’ll let you know in writing if we are unable to help.
If the incorrect information was given to us by a credit reporting body (or based on that information), we may need to check with the credit reporting body or the credit provider. We’ll aim to help you correct your information within 30 days – however, if we can’t help you within that timeframe, we’ll ask you for extra time and will explain why it’s taking longer.
If we don’t think the personal information we have about you is incorrect, we’ll explain why we think this in writing and provide you with information about how you can complain.
11. What happens if you have concerns or a complaint?
We’re committed to doing the right thing by our customers. If you have an issue with our handling of your personal information, let us know and we’ll try to fix it.
How can you make a complaint?
If you’re concerned with our handling of your personal information (including credit-related information), you can make a complaint and we’ll look in to it. You can make a complaint by using the details set out in section 12.
How will we deal with your complaint?
Once a complaint is lodged, we’ll get in touch within seven days and let you know how we’ll deal with your complaint. If we can’t solve your complaint within 30 days, we’ll let you know why and work out a new timeframe with you.
What happens if you’re still not satisfied?
If you’re not satisfied with how we have managed your issue or complaint, there are free and independent external dispute resolution services that are available.
Australian Financial Complaints Authority
|Office of the Australian Information Commissioner
Phone: 1300 363 992
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
12. How can you contact us?
You can contact us in any of the following ways:
|In person:||At any of our branches|
|By mail:||Privacy Officer
Greater Bank Limited
PO Box 173, Hamilton NSW 2303
|By phone:||1300 651 400 (Monday – Friday 8am – 5:30pm and Saturdays 8am – 1pm)|