Victoria Teachers Limited trading as Bank First (ACN 087 651 769) ('we', 'us', 'our') is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) (Privacy Act). We are also bound by Division 3 of Part IIIA of the Privacy Act, which regulates the handling of credit information, credit eligibility information and related information by credit providers, and by the Privacy (Credit Reporting) Code 2014.
1. Key types of information
"Personal information" means information or an opinion about an identified individual or an individual who is reasonably identifiable. Although we try to make sure that all information we hold is accurate, "personal information" also includes any inaccurate information about an individual.
"Credit eligibility information" means information that has been obtained from a credit reporting body, or that has been derived from that information, that is about an individual's credit worthiness.
"Credit information" means personal information that includes the following:
- information about an individual, like their name, age, address and employment details, that we may use to identify that individual
- information about an individual's current or terminated consumer credit accounts and their repayment history
- the type and amount of credit applied for in any previous consumer or commercial credit applications to any credit provider, where that credit provider has requested information
- information about an individual from a credit reporting body
- information about consumer credit payments overdue for at least 60 days and for which collection action has started
- advice that payments that were previously notified to a credit reporting body as overdue are no longer overdue
- information about new credit arrangements an individual may have made with a credit provider, in relation to consumer credit currently or previously held, to deal with any defaults or serious credit infringements by that individual
- information about court judgments which relate to credit that an individual has obtained or applied for
- information about an individual on the National Personal Insolvency Index
- publicly available information about an individual's credit worthiness, and
- an opinion of a credit provider that an individual has committed a serious credit infringement of credit provided by that credit provider.
"Credit-related information" means credit information, credit eligibility information and related information.
We may collect personal information from you by various means including in-person, by telephone, using video conferencing, by email, by letter, and through our website, social media channels, and mobile apps.
Wherever possible, we will collect personal information (including credit-related information) directly from you. This information will generally come from what you provide in or with your applications for membership and/or for our products or services.
We only ask for personal information relevant to our business relationship with you. When you apply for one of our products or services, we may request:
- identifying information, like your name, address and other contact details and your date of birth
- information about your financial position, like your income, expenses, savings and assets and any (other) credit arrangements
- your employment details
- your tax residency details and taxpayer identification number (including tax file number), and
- your reasons for applying for a product or service.
We may also collect personal information (including credit-related information) about you from third parties, such as any referees that you provide, your employer, other credit providers and third party service providers including credit reporting bodies. Credit reporting bodies collect credit information about individuals which they provide as credit reports to credit providers and others in the credit industry to assist them in managing credit risk, collecting debts and other activities. You can also ask a credit reporting body, through contact details on their website, not to use or disclose your personal information if you believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud.
Some information is created through our internal processes, like credit eligibility scoring information.
We may use your personal information (including credit-related information) for the purpose of providing products and services to you and managing our business. This may include:
- assessing and processing your application for the products and services we offer
- establishing and providing our systems and processes to provide our products and services to you
- executing your instructions
- charging and billing
- uses required or authorised by law
- maintaining and developing our business systems and infrastructure
- research and development
- collecting overdue payments due under our credit products
- managing our rights and obligations regarding external payment systems, and
- marketing, including direct marketing.
We do not use (or disclose) your personal information (including credit-related information) for a purpose other than:
- a purpose you would reasonably expect
- a purpose required or permitted by law, or
- a purpose otherwise disclosed to you to which you have consented.
We may disclose your personal information (including credit-related information) to other organisations, for example:
- our related companies
- external organisations that are our assignees, agents or contractors
- external service providers to us, such as organisations which we use to verify your identity, payment systems operators, mailing houses and research consultants
- insurers and re-insurers, where insurance is provided in connection with our services to you
- superannuation funds, where superannuation services are provided to you
- other financial institutions, for example, when you apply for a loan from another credit provider and you agree to us providing information
- credit reporting bodies, including disclosing that you are in default under a credit agreement or commit a serious credit infringement, if that is the case
- lenders' mortgage insurers, where relevant to credit we have provided
- debt collecting agencies, if you have not repaid a loan as required
- our professional advisors, such as accountants, lawyers and auditors
- state or territory authorities that give assistance to facilitate the provision of home loans to individuals
- certain entities that have bought or otherwise obtained an interest in your credit product, or that are considering doing so, and their professional advisors
- any organisation with which we are considering merging
- your representative, for example, lawyer, mortgage broker, financial advisor or attorney, as authorised by you, or
- if required or authorised by law, to government and regulatory authorities.
We will take reasonable steps to ensure that these organisations are bound by sufficient confidentiality and privacy obligations with respect to the protection of your personal information.
We may also disclose your personal information (including credit-related information) to an individual or an organisation (a ‘third party’) if:
- you direct us to do so
- you consent to the third party obtaining the information from us, or
- you consent to the third party accessing the information on our systems, and/or do anything which enables the third party to obtain access.
Your consent to a third party obtaining or accessing information may be implied from:
- your use of any service or application which a third party provides to you, or makes available to you, which involves the third party obtaining or accessing personal information held by us or organisations like us, or
- you doing anything else which enables the third party to obtain access to the information.
The Consumer Data Right gives you the right to:
- access some of the data (including personal information) held about you by us and by other data holders (‘CDR Data’);
- consent to an accredited third party accessing your CDR Data held by us; and
- consent to us accessing your CDR Data held by another data holder.
We have a policy about our management of CDR Data which is available through our website. You can also get an electronic or hard copy from us on request.
5. Sensitive information
Where it is necessary to do so, we may collect personal information about you that is sensitive. Sensitive information includes information about an individual's health, and membership of a professional or trade association.
Unless we are required or permitted by law to collect that information, we will obtain your consent. However, if the information relates directly to your ability to meet financial obligations that you owe to us, you are treated as having consented to its collection.
6. Refusal of credit applications
We may refuse an application for consumer credit made by you individually or with other applicants. Our refusal may be based on credit eligibility information obtained from a credit reporting body about either you, another applicant or another person proposed as guarantor. In that case, we will give you written notice that the application has been refused on the basis of that information. We will tell you the name and contact details of the relevant credit reporting body and other relevant information.
We take all reasonable steps to ensure that your personal information (including credit-related information), held on our website or otherwise, is protected from:
- misuse, interference and loss, and
- unauthorised access, disclosure or modification.
Your personal information may be held by us in paper or electronic form. All personal information is stored within secure systems which are in controlled facilities. There are restrictions on who may access personal information and for what purposes. Our employees, contractors, service providers and authorised agents are obliged to respect the confidentiality of personal information held by us.
If we suspect or believe that there has been any unauthorised access to, disclosure of, or loss of, personal information held by us, we will promptly investigate the matter and take appropriate action, and we will comply with any obligations in relation to notifiable data breaches that are in force under the Privacy Act.
We ask you to keep your passwords, personal identification numbers, and tokens and other devices safe, in accordance with our suggestions.
You can also help to keep the personal information that we hold about you secure by taking care before you authorise or otherwise assist any third party to obtain or gain access to that information (see ‘Disclosure’ above). You should never provide or disclose any of your passwords or personal identification numbers to any third party to enable the third party to obtain or access to your personal information. If you do, you may breach the ePayments Code and the terms and conditions applying to the products and services we provide to you and you may be liable for any unauthorised transactions that subsequently occur.
When we no longer require your personal information (including when we are no longer required by law to keep records relating to you), we take reasonable steps to ensure that it is destroyed or de-identified.
Visiting our website
Anytime you access an unsecured part of our website, that is, a public page that does not require you to log on, we will collect information about your visit, such as:
- the time and date of the visit
- any information or documentation that you download
- your browser type, and
- internet protocol details of the device used to access the site.
Our website may also include calculators, which may require you to enter your personal details. If you save the data you enter on the calculator, this information will be stored.
You may change the settings on your browser to reject cookies, but doing so might prevent you from accessing the secured pages of our website.
We have a policy about our use and management of cookies which is available through our website.
We use up-to-date security measures on our website to protect your personal information (including credit-related information). Any data containing personal, credit or related information which we transmit via the internet is encrypted. However, we cannot guarantee that any information transmitted via the internet by us, or yourself, is entirely secure. You use our website at your own risk.
Links on our website
We will respond to your request for access within a reasonable time. If we refuse to give you access to any of your personal information, we will provide you with reasons for the refusal and the relevant provisions of the Privacy Act that we rely on to refuse access. You can contact our Privacy Officer if you would like to challenge our decision to refuse access.
We may recover the reasonable costs of our response to a request for access to personal information.
10. Accuracy and Correction
Where we are permitted to do so by law, we may use your personal information, including your contact details, to provide you with information about products and services, including those of other organisations, which we consider may be of interest to you, unless you request not to receive marketing communications. If you are on the Do Not Call Register, while you are our customer we will infer from our relationship with you that you consent to receiving telemarketing calls from us, unless you notify us that you do not wish to receive such calls.
Unless we have first obtained your consent, we will not provide your personal information to other organisations to use for their marketing purposes.
To help us reach the right people with our credit marketing communications, we may ask a credit reporting body to "pre-screen" a list of potential recipients of our marketing communications against our eligibility criteria to remove recipients who do not meet those criteria. The credit reporting body cannot use information about your existing loans or repayment history in carrying out its pre-screening and it must destroy its pre-screening assessment once it has given us, or a contractor acting on our behalf, the list of eligible recipients. If you do not want your credit information used for pre-screening by a credit reporting body that holds credit information about you, you can opt-out by informing that credit reporting body, whose contact details are on their website.
13. Questions and complaints
Bank First welcomes and values feedback and complaints, and is committed to managing and resolving complaints and disputes through action. You can lodge a complaint online, email, phone, social media, letter, or in person. Further information about our Complaint and Dispute Resolution process can be found on our website, bankfirst.com.au, by contacting us on 1300 654 822 or +61 3 9834 8560, or when you next visit our branches.
We will manage your complaint with objectivity and fairness, and aim to resolve it as quickly as possible. We will keep you informed of our progress and advise you if we cannot resolve your complaint within 21 days.
If you are still not satisfied, you can contact external bodies that deal with privacy complaints. These are the Australian Financial Complaints Authority, which is our external dispute resolution scheme, and the Office of the Australian Information Commissioner, both are free for customers to access. Either of these bodies may forward your complaint to another external dispute resolution body if it considers the complaint would be better handled by that other body.
Australian Financial Complaints Authority
Post: GPO Box 3 Melbourne VIC 3001
Telephone: 1800 931 678
Office of the Australian Information Commissioner
Post: GPO Box 5218 Sydney NSW 2001
Telephone: 1300 363 992
14. Privacy Officer
© Copyright exists in this document