Last updated: 14 January 2019
Outline of our Policy
Our Policy sets out:
- what information we collect and hold
- how we deal with credit information
- how we collect and hold information
- why we collect, hold, use and disclose your information
- how you can access your information
- how you can correct your information
- how you can make a complaint
- how we will deal with your complaint
- in what overseas countries we are likely to disclose your information.
Information we collect and hold
We will collect and hold your information. This may include:
- your personal information (any information which identifies you or from which you may be identifiable, such as: your name, date of birth, contact details and evidence of identity)
- your tax file number
- your employment details
- passwords, passcodes and secret questions used to confirm your authorisation of a transaction
- your PayID, PayID Name and account details
- credit and debits to your accounts
- information about your membership of a professional association which is a requirement for you to become a member
- other personal information, such as details of your interactions with us.
When you apply for a loan we will also collect and hold your credit information, such as:
- information about your financial position (like income, expenses, savings, assets and any other credit arrangements), identification information, repayment history
- your current credit and transaction history, including default & payment information
- credit eligibility information (such as information derived about you from a credit reporting body)
We will only collect information that is related to our providing, or arranging others to provide:
- banking products and services
- financial advisory services
- financial accommodation
- general insurance
- travel services
If we need sensitive information about you – such as information about your religion, ethnicity, health or biometrics (for example, your finger prints or face) – we will ask for your permission.
How we collect your information
We will collect information about you and your financial position from you directly.
When you apply for a loan, we will collect information about your credit history from a credit reporting body.
If you do not wish to give us the information we may require, we may not be able to provide you with the service or product that you have requested.
We may collect credit information or credit eligibility information about you from credit reporting bodies, including Equifax, Illion (Australia) Pty Ltd and Tasmanian Collection Service. We may also disclose your credit information to those credit reporting bodies.
We collect your credit information from those credit reporting bodies to allow us to assess your application and your credit worthiness.
We may also exchange personal information and credit information about you with other credit providers in the assessing your application and your credit worthiness.
We may notify other credit providers of any defaults by you.
You are encouraged to view the privacy policies of these credit providers on their respective websites. You can view a copy of the privacy policies of these credit reporting bodies on their respective websites. Equifax: www.equifax.com.au/privacy, Illion: (Australia) Pty Ltd: www.illion.com.au/privacy-policy and Tasmanian Collection Service: www.tascol.com.au/privacy.
What information do we use from your credit report?
We use your credit report to check if what you have told us about your financial history is correct. We look at the following information:
- what are your current loans
- what loans have you applied for
- if available, your repayment history on any loans and your default history
- any payment defaults reported by service providers such as telcos and energy companies
- whether there are any Court judgments against you
- whether you are, or have recently been, a bankrupt
- whether you have committed any serious credit infringements.
Your credit report will usually only contain information from the past 5 years. It may contain information from up to the past 7 years if you have committed a serious credit infringement. We may ask you to explain why your credit report differs from what you have told us about your financial history.
Why we collect, hold, use and disclose personal information
We collect, hold, use and disclose your information for a number of reasons, such as to:
- maintain the Bank’s register of members
- confirm or verify your identity
- assess your application for a product or a service
- when you apply for a loan – to establish your eligibility for a loan and your capacity to repay a loan
- provide membership benefits, services and products or information about those benefits, services and products
- process payments
- to maintain PayID registrations through the New Payments Platform addressing service
- design, manage and price our membership benefits, services and products
- give you information about services and products from third parties with which we have arrangements
- manage our relationship with you
- conduct market and demographic research in relation to the products and services our members acquire from us
- keep track of products or services you view on our website using cookies, if your settings allow it, so that we can send you information and advertising about those products or services
- contact you to assist you to complete online applications you have started and not submitted. Personal information provided in these applications is destroyed after 90 days
- minimise risks and identify or investigate fraud and other illegal activities
- improve our service to you
- comply with our obligation under certain laws to verify your identity, assess your capacity under the National Consumer Credit Protection Act (2009), maintain our register of members under the Corporations Act (2001), and assist government and law enforcement agencies
- manage our business.
The law also requires us to collect and hold your information:
- for our register of members under the Corporations Act (2001)
- to verify your identity under relevant legislation
- to assess your capacity to pay a loan under the National Consumer Credit Protection Act (2009).
Marketing Opt Out
From time-to-time, we may also use your information to tell you about products and services we think you might be interested in.
If you do not want to be contacted by us for direct marketing purposes, you can opt out by:
Who we disclose your information to
When you have a loan with us, we may disclose the following information to a credit reporting body:
- the fact that you have applied for a loan
- details of the loan, when approved
- when payments are due
- whether you have paid on time
- when you actually paid.
We may also disclose your information to other entities such as:
- entities that verify identity
- clearing, payment and credit card scheme providers
- our third party contractors or agents
- security entities that minimise risks and block suspicious behaviour, such as Google reCaptcha
- lawyers, conveyancers, accountants, brokers, advisers and agents who represent you
- contractors who do some of our work for us, including statement printing and mail out, card and cheque production, market research or direct marketing
- affiliated product and service suppliers to provide information to you about their services and products
- credit reporting bodies and other financial institutions that have previously lent to you
- persons you use as referees
- for property loans – property valuers and insurers
- mortgage documentation service
- trustee and manager of securitised loan programs
- any proposed guarantor of a loan
- debt collection agencies, lawyers, process servers
- our auditors or insurers
- people who help us process claims – like assessors and investigators
- other banks and financial institutions – for example, if we need to process a claim for mistaken or misdirected payment
- other people (like cardholders) using the same account
- service providers who we engage to provide service to members.
We will also disclose your information to law enforcement, regulatory bodies and government agencies as required by law.
How we hold your information
We hold your information in our systems, databases and archives. We have security systems to guard against unauthorised access. We also limit access to our employees on a needs basis. We will destroy or de-identify information when we no longer need it. Although we take reasonable measures to guard against interference, when information is transmitted, we cannot guarantee its security.
Disclosure to overseas recipients
We may disclose your information to third parties that are based overseas for processing. These third parties may be located in the USA, Canada, Germany, India, New Zealand, the Philippines and the UK. Where we do this, we make sure there are arrangements in place to protect your information.
Links to other websites
Data breach notification
We may notify you and the Office of the Australian Information Commission if we have reasonable grounds to believe that:
- there has been unauthorised access or disclosure of your personal information, or that your information has been lost in a way that is likely to give rise to unauthorised access or disclosure; and
- there is a likely risk of serious harm as a result of the unauthorised access or disclosure.
If we notify you of a breach, where possible we will provide recommendations as to the steps you should take regarding the breach.
How you can access and/or correct your information
You can request access to your information at any time. If the information we hold is incorrect, you can request us to correct it. You can make a request by contacting us:
- in person at one of our Branches. Visit our website www.heritageisle.com.au for a list of Branch locations.
- by calling us on 134 374.
- by email at email@example.com.
- in writing to 25 Pelican Street, Surry Hills, NSW 2010.
We do not currently charge any fees for giving you access to your information. We may charge a document retrieval fee to cover the costs of retrieving and making copies but we will disclose the estimated costs beforehand when you make the request.
Making a complaint
You may make a complaint to us if you consider that we have not complied with the relevant provisions of the APPs or relevant credit reporting provisions the Privacy Act (1988). You can complain:
- in person at one of our Branches
- by calling us on 134 374
- by email at firstname.lastname@example.org
- in writing to 25 Pelican Street, Surry Hills, NSW 2010.
We will deal with your complaint under our internal dispute resolution procedure. We will give you a copy of our Complaints Handling & Dispute Resolution Guide when you make your complaint. We are also part of an external dispute resolution scheme. If you are not satisfied with how we handled your complaint, you can take the matter there. We will tell you at the time how you can contact the external dispute resolution scheme.
If you are still not satisfied with the way in which your enquiry or complaint has been handled, you can contact the Office of the Australian Information Commissioner on Tel: 1300 363 992 or via its website located at www.oaic.gov.au/privacy/privacy-complaints.
You can also access our Privacy Notice here.