Members Equity Bank Ltd and its subsidiary ME Portfolio Management Limited (referred to as ME Bank, we us or our) has implemented this Privacy and Credit Reporting Policy to provide you with information about how we collect, hold and use the personal information and credit-related personal information that you provide to us.
We appreciate that the protection of your personal information, which has been provided in the course of business, is of the utmost importance to you and to us, as is the need to base our relationship on mutual trust. Our management and staff are aware of the need, and are trained, to exercise the utmost discretion in handling your personal information and credit-related personal information.
We will apply our privacy compliance procedures in relation to any personal information and credit-related personal information which we gather in the course of carrying on our business. These are based on privacy legislation including until 12 March 2014, the National Privacy Principles for the Fair Handling of Personal Information (NPPs), and after 12 March 2014 the Australian Privacy Principles (APPs). In addition, our procedures for handling credit-related personal information are based on the requirements for credit reporting set out in Part IIIA of the Privacy Act. We regard all the personal information we have collected from and about you as being equally sensitive and undertake to treat it all in accordance with the principles set out in this Privacy and Credit Reporting Policy.
1. Contacting us
If you have any general privacy or credit reporting enquiries, access and correction requests and complaints please contact us:
- in writing to:
- The Privacy Officer - ME Bank
- GPO 1345, Melbourne 3001; or
- by calling us on 13 15 63; or
- email us at firstname.lastname@example.org.
A copy of this Privacy and Credit Reporting Policy is available at www.mebank.com.au or on request at the contact details set out above.
2. Collection of Information
2.1 We only collect personal information which is relevant to and necessary for a legitimate function or activity of our business or for related purposes.
2.2 Personal information is information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable from the information or opinion.
2.3 The types of personal information that we collect may include (but is not limited to) the following:
- full name, date of birth, gender;
- Tax File Number, residence status and passport details;
- drivers licence number;
- contact details including residential and postal address, telephone numbers (home, work and mobile), email address;
- bank account details;
- financial information;
- name of superannuation fund;
- contact details for authorised representatives and designated users appointed to operate business deposit account; and
- information provided in employment applications.
2.4 In addition, where relevant for credit accounts we may also collect:
- marital status, number of dependents;
- income details;
- expense details;
- details of council rate notices, property valuations, contract of sale, evidence of property insurance;
- First Home Owner Grant applications; and
- details relevant to any hardship applications (for example, doctor's letter, payslips, separation certificates).
2.5 Sensitive information includes, for the purpose of carrying on our business, information or an opinion about an individual's:
- membership of a professional or trade association; or
- membership of a trade union.
2.6 With your consent, we may collect sensitive information about you, including details of trade union membership.
2.7 We may collect your personal or sensitive information when you:
- visit our website;
- apply for our products and services;
- request information about us, our products or our services;
- provide feedback about our products or services;
- respond to surveys or enter our competitions;
- apply for a position with us; or
- contact us by telephone, fax, email, post or in person.
2.8 We may also collect personal information about you via third parties (for example, from our alliance partner organisations). However, we will only collect your personal information in this way if it is unreasonable or impractical to collect this information directly from you or if we are otherwise permitted to do so. To the extent we consider it relevant to assessing your application for consumer or commercial credit, we may obtain a credit report from a credit reporting body that contains personal information.
Credit-related Personal Information
2.9 We may collect all types of credit information (including repayment history information), credit reporting information and credit eligibility information, being information relevant to our credit products as described below:
- identification information;
- type and amount of credit sought in a credit application;
- default information;
- payment information if you pay a default previously listed with a credit reporting body;
- new arrangement information if we vary a consumer credit contract that we’ve previously listed default information about;
- details about court proceedings;
- serious credit infringements;
- consumer credit liability information (the fact that you have applied to us for credit and the amount, the type or the amount of consumer credit provided by us, the account opening date or the closing date for consumer credit); and
- repayment history information.
Credit information is the basic category of personal information in the credit reporting system. It includes the following types of information collected by us that we may give to a credit reporting body, such as Veda:
Credit information does not include sensitive information – eg criminal record, medical history.
Credit reporting information means credit information that a credit reporting body holds or personal information a credit reporting body derives from credit information it holds about an individual. This will be the information that we receive from a credit reporting body about a borrower, loan applicant or guarantor.
Credit eligibility information refers to the information disclosed by a credit reporting body to us; or the information derived by us from that credit reporting information (for example a credit score).
The terms credit information, credit reporting information and credit eligibility information are collectively referred to as credit-related personal information in this Policy.
2.10 We collect credit-related personal information if you apply for or have a credit product with us. We may use credit-related personal information to create a credit score for you. We also collect credit-related personal information from Veda Advantage Information Services and Solutions Limited (Veda) (see section 3.45 below)
2.11 We will:
- only collect information by lawful and fair means and not in an unreasonable or intrusive way;
- tell you what, in broad outline, we intend to do with your personal information, including -
- whether we intend to disclose the information to any outside party and if so, the classes of persons or organisations to which it would be disclosed;
- if there is any relevant law that either requires or allows the collection of that particular information; and
- the main consequences for you if the information is not supplied;
- where it is reasonable and practicable to do so, collect personal information directly from you, but, if we have to collect information about you from someone else, we will, wherever possible, obtain your consent where the information is not already in the public domain;
- ensure that only permitted and accurate information is included in your credit information file, if any;
- only request or collect a tax file number for the purpose of carrying out responsibilities under taxation law; not collect sensitive information about you unless:
- you have consented;
- it is required or authorised by or under law; or
- it is necessary for the establishment, exercise or defence of a legal or equitable claim.
3. Use and Disclosure
3.1 We may use your personal information for:
- assessing your application for an ME Bank product;
- verifying your identity;
- consideration of any other application you make to us for financial products or services;
- customer relations including management of our relationship with you and market or customer satisfaction research and product development. If you are a member of or have a product with an alliance partner (including a superannuation fund, union, insurer, the Co-op or other third party that we have arrangements with), we may also use your information for the purpose of providing benefits to you or to obtain aggregate information for statistical or research purposes;
- compliance with legislative and regulatory requirements (including without limitation the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and payment systems requirements, and where applicable, the Income Tax Assessment Act 1936 and First Home Saver Accounts Act 2008;
- our internal operations including record keeping, risk management, auditing purposes, training, securitisation, credit scoring, file reviews and portfolio analysis;
- information technology systems development and testing;
- arrangements with other organisations to provide services in relation to our products and services (for example, we may arrange for mailing houses to distribute loan statements to customers);
- to investigate, resolve and prevent complaints;
- conducting fraud assessments;
- reporting and data analytics, including for regulatory, management, statistical or research purposes;
- to process any job application submitted by you and to establish a contract of employment; and
- marketing, which may include pre-screening assessments by a third party service provider for marketing purposes.
3.2 Where permitted by the Privacy Act and if we have your consent to do so (where consent is required), we may also seek and use your credit-related personal information from a credit reporting body:
- to assess an application for consumer or commercial credit (including, if applicable, for the provision of credit to you or to accept you as a guarantor);
- to collect overdue payments from you;
- for a securitisation related purpose;
- for our internal management purposes that are directly related to the management of consumer or commercial credit; and
- in circumstances where we reasonably believe that you have committed a serious credit infringement.
3.3 We may, where permitted by the Privacy Act, disclose your personal information and credit-related personal information (including repayment history information) to the following organisations:
- credit reporting bodies;
- our related entities, our service providers (for example mail houses and IT service providers) and alliance partners;
- our agents (for example debt collection agencies), contractors and external advisers (for example, our valuers, lawyers and auditors);
- your referees, including your employer (to confirm details about you);
- any person acting on your behalf, including your legal and financial advisers;
- your broker (if applicable);
- government and other regulatory bodies, law enforcement bodies and courts;
- external complaint resolution bodies (for example, the Financial Ombudsman Service), where required in connection with a complaint;
- rating agencies;
- payment system operators;
- other financial institutions and credit providers (i.e. for the purpose of collecting overdue payments);
- any person in Australia who has, or will, guarantee or provide property as security for the repayment of credit provided to you;
- another company for the purposes of considering whether to accept an assignment of debt or purchase of an interest in the credit provider;
- debt collection agencies (for the purpose of collecting overdue payments)
- another person or body in connection with securitisation arrangements for the purpose of purchasing, funding, managing or processing an application for credit or undertaking a credit enhancement;
- the mortgage insurer (to assess whether to issue lenders mortgage insurance, or the risks of you defaulting on your obligations as a borrower or guarantor, or for any other purpose arising under the mortgage insurance contract), other insurers or reinsurers (in respect of home loan customers only);
- another Australian credit provider or enforcement body if we believe that you have committed a serious credit infringement; and
- employee referees, for the purpose of assessing a job application made to us.
3.4 For home loan customers only, we may share your personal information and credit information with one of two mortgage insurers if mortgage insurance is required. Their contact details are as follows:
3.5 We may also disclose your personal information and credit information to Veda Advantage Information Services and Solutions Limited (Veda) or other credit reporting bodies as set out in this Privacy and Credit Reporting Policy from time to time. A copy of Veda's Credit Reporting Policy can be obtained by contacting Veda:
- by mail to Veda Information Services & Solutions Ltd, PO Box 964, North Sydney NSW 2059; or
- via their website at www.veda.com.au/privacy.
3.6 You should be aware that:
- credit reporting bodies may include credit information we provide to them about you in reports provided to other credit providers to assist them to assess your credit worthiness;
- if you fail to meet your payment obligations in relation to consumer credit, or commit a serious credit infringement, we may disclose this to a credit reporting body;
- you can request a credit reporting body not to use your credit reporting information for the purposes of pre-screening or direct marketing by us; and
- you can request a credit reporting body not to use or disclose your credit reporting information if you believe on reasonable grounds that you have been (or are likely to be) a victim of fraud.
4. Cross border disclosure of information
4.1 We will not send your personal information outside Australia unless we are satisfied that the overseas recipient of the information has adequate data protection arrangements in place, or you have consented to the transfer of the information.
4.2 We may disclose your personal information to our third party services providers for them to help us provide banking services to you. Our third party service providers may store or access your personal information overseas, including in Canada, USA, United Kingdom, Philippines, Singapore, New Zealand and Hong Kong.
5.1 We may use your personal information to keep you up to date with our products and services. If you do not want us to do this, please contact us. If we previously obtained your consent, we may disclose your personal information to an alliance partner with which we have arrangements. We may do this so that our alliance partners may contact you about other products or services that you may be interested in.
5.2 We may use information we receive about you from our alliance partners, such as insurers, to assist our staff in better identifying the products and services that may be relevant to you and for marketing and administrative purposes.
6. Storage and Data Security
6.1 We aim to keep your personal information and credit-related personal information secure. This includes any information that is collected via our website or which is held in either hard copy files or electronically on our computer systems either on our premises or offsite with our trusted third party service providers.
6.2 We will:
- take all reasonable security measures to protect the personal information and credit- related personal information we hold from misuse and loss and from unauthorised access, interference, modification or disclosure;
- where the Privacy Act specifically requires information to be handled in a particular manner, comply with the requirements of the Act. Where we no longer require your personal information or credit-related personal information, we will take reasonable steps to destroy or permanently de-identify that information and to ensure that we are not able to use or disclose digital records of the information.
6.3 We have stringent procedures which require our staff and third party service providers to ensure the safe handling and storage of all private and confidential information including procedures for safe custody and transit of information both inside and outside ME Bank, including the security of electronic submission and storage of credit-related personal information.
7. Access and Correction
7.1 You are entitled to access the personal information and credit-related personal information that we hold about you. We are committed to keeping up-to-date records of your personal information and credit-related personal information. You may request at any time that we grant you access to or correct your personal information or credit-related personal information by contacting our Privacy Officer (see Contact Us section).
7.2 We will:
- take reasonable steps to ensure that the information we hold about you is accurate, complete, relevant, up-to-date and not misleading when we collect, use or disclose it;
- deal promptly with your requests for access to or correction of your personal information or credit-related personal information and provide access to the information within a reasonable period after the request is made;
- ensure that access by your agent (if any) is limited to information allowed to be disclosed by your agreement;
- where we hold personal information or credit-related personal information about you that can readily be retrieved and you ask us to show it to you, provide you with access to the information unless denial of such access is specifically authorised or required by the Privacy Act.
- if appropriate, levy a reasonable charge for providing access to personal information (such a charge will not be excessive); and
- when we refuse to allow you access to personal information or credit-related personal information about you, or to correct information which you believe is incorrect, tell you why in writing.
7.3 We will:
- if we hold any personal information or credit-related personal information about you and we are satisfied that the information is inaccurate, irrelevant, incomplete, out-of-date or misleading, take reasonable steps to correct that information.
- respond to your request to correct your personal information within a reasonable period after the request is made;
- take reasonable steps to correct any credit-related personal information we hold within 30 days from the day on which the request is made or such longer period as you have agreed to in writing. If we consider that we cannot satisfy ourselves that the credit-related personal information is inaccurate, irrelevant, incomplete or out-of-date without consulting either a credit reporting body or another credit provider, we will consult other parties as necessary
- if we correct any of your personal information which we have previously disclosed to a third party, take reasonable steps to notify that party of the correction if you ask us to, unless we consider it impracticable to do so;
- if we correct any of your credit-related personal information which we have previously disclosed to a third party, give each recipient of the information written notice of the correction within a reasonable period, unless we consider it impracticable to do so;
- if we correct your credit-related personal information, we will provide you with a written notice of correction within a reasonable period; and
- not charge you for making a request to correct, or for correcting your personal information or credit-related personal information.
8. If you have a privacy question, problem or complaint about our use of your information
8.1 If you feel that your privacy has not been respected or that we have conducted ourselves inconsistently with this Privacy and Credit Reporting Policy, or for any other queries in relation to this Policy, please contact our Privacy Officer (see Contact Us section).
8.2 You should address any complaint in writing to ME Bank in the first instance. We will investigate your queries and complaints. If your complaint relates to:
- personal information, we will notify you of the outcome of our investigation within a reasonable period after the complaint is made;
- credit-related personal information, we will notify you of the outcome of our investigation within 30 days after the complaint is made or such longer period you have agreed in writing.
8.3 We are a member of the Financial Services Ombudsman (FOS). If you are not satisfied with the outcome of our investigation in relation to our handling of consumer credit-related personal information or an access or correction request you may take your complaint to FOS. A complaint relating to your personal information may ultimately be addressed to the Office of the Australian Information Commissioner.
9. ME Bank's Employee Personal Information
We also collect personal information about our current, past and prospective management, employees and contractors. The general personal information collected from these people includes:
- Contact details – name, gender, address, telephone, email address, emergency contact name and phone number, including name of doctor name and phone number;
- Police checks, ASIC banned search, bankruptcy search;
- Payroll, overtime, leave, novated lease and MYKI information;
- Bank account details and tax file number;
- Superannuation details;
- Performance reviews and exit interviews.
It may also include sensitive personal information:
- Union membership details – if a member of the Finance Sector Union, detail about union mediations for employment issues;
- Details for Workcover claims;
- Court orders/garnishees (if part of salary is to be paid as per a court order or garnishee notice).
We may use the personal information of current, past or prospective management, board members, employees, job applicants and contractors for purposes such as recruiting employees, assisting employees to perform their duties and develop in their careers, managing salary and leave entitlements, managing workers compensation and occupational health and safety issues in the workplace, contacting employees at home where necessary and dealing with employment matters generally (including without limitation, matters arising out of the ending of an employment or contractual relationship and/or disputes).
In some instances, we may disclose our employee personal information to:
- MYKI for employees’ MYKI pass applications.
- super funds, and unions for payroll/deduction purposes.
We may disclose information where required to by law or at the request of law enforcement agencies.
10. Visiting Our Website
You can browse our site anonymously without identifying yourself during your visit. We will only obtain information that personally identifies you when you specifically choose to provide it.
For example, during your visits to our web site you may:
- send messages or comments to us via the website, eg. through the "Contact Us" form; or
- conduct transactions online.
You will then need to give us certain personal information just as you would if you were communicating with us in person, by mail or by telephone.
11. Information collected via our website
When you visit and browse our website, we may collect information for statistical, reporting, maintenance, security, marketing and other purposes detailed below. We may also use advertising and tracking companies to collect this information for us.
The information collected by us is aggregated with other users and will not be used to personally identify you. The information may include:
- the website which referred you to our website;
- the date, time and duration of a visit;
- the IP address, browser and operating system of your device;
- the pages you viewed on our website; and
- your clicks, downloads and any errors you may encounter.
We use this information:
- to administer and enhance the performance, content and services offered on our website;
- to improve the effectiveness of our marketing activities;
- to monitor web traffic;
- to secure your transactions with us;
- to remember your preferences; and
- for other purposes.
The types of cookies we use include:
- advertising cookies which allow us to collect anonymous usage data and serve more relevant ads to you as you browse the internet;
- first party cookies (such as the Google Analytics cookie);
- third party cookies (such as the DoubleClick cookie); and
- other third party identifiers.
By using these we can better serve you with more relevant advertising across the Google Display Network and measure your interaction with our advertising.
We use remarketing to show you relevant offers on external websites based on your interactions with our website. We don’t record or send any information which can personally identify you. If you would like to opt out of this feature, you may visit the Network Advertising Initiative opt-out.
DoubleClick shares anonymised demographic and interests data with us through the use of third party cookies. We use this information to better understand who is coming to our site and how we can serve them better. You can elect to opt out of this feature at any time through the Google Analytics opt out add on or through updating your Ad Settings on Google.
12. E-mail Communications
If you choose to send us an e-mail message, we may retain the content of the e-mail, your e-mail address, and our response in order to service your needs.
We may update this Privacy and Credit Reporting Policy from time to time for any reason and to ensure it continues to meet the requirements of the Privacy Act, new laws, regulations and technology. We will also post any changes to our Online Consumer Information Practices on our website, so we encourage you to check this page from time to time.