Privacy Policy Statement

Privacy and the Information Handling Practices of the Commonwealth Bank Group

HOW WE HANDLE YOUR PERSONAL INFORMATION

Personal information is information or opinion that allows others to identify you. It includes your name, age, gender, contact details, as well as your health and financial information. We are part of the Commonwealth Bank Group (the 'Group'). We will act to protect your personal information in accordance with the National Privacy Principles or an industry privacy code.

The Group is a collection of related organisations that provide banking, finance, insurance, funds management, financial planning and advice, superannuation, stockbroking and other services.

We value your trust, and aim to help you manage and build wealth over a long period. The protection of your personal information is a vital part of this relationship. It is supported by our long experience of keeping personal information confidential.

We collect personal information to provide you with the products and services you request as well as information on other products and services offered by or through us. The law may also require us to collect personal information. We will tell you who collects the personal information, advise you of their contact details, your right of access to that information, and what will happen if you choose not to provide the information.

Personal information may be used and disclosed within the Group to administer our products and services, as well as for prudential and risk management purposes and, unless you tell us otherwise, to provide you with related marketing information. We also use the information we hold to help detect and prevent illegal activity. We co-operate with police and other enforcement bodies as required or allowed by law.

We disclose relevant personal information to external organisations that help us provide services. These organisations are bound by confidentiality arrangements. They may include overseas organisations. You can seek access to the personal information we hold about you. If the information we hold about you is inaccurate, incomplete, or outdated, please inform us so that we can correct it. If we deny access to your personal information, we will let you know why. For example, we may give an explanation of a commercially-sensitive decision, rather than direct access to evaluative information connected with it.

Further information and feedback

The pages that follow contain more detailed information about our privacy and information handling practices.

If you have any questions or would like further information on our privacy and information handling practices, please contact us:

Commonwealth Bank Group
Email CustomerRelations@cba.com.au
Telephone 1800 805 605*
Mail Privacy Officer
Customer Relations
Commonwealth Bank Group
Reply Paid 41
Sydney NSW 2001

* A free call unless made from a mobile phone, which will be charged at the applicable mobile rate.

WHAT YOU NEED TO KNOW AND WHERE TO FIND IT

Background
Collection of personal information
Members of the Group
Other disclosures
Personal information quality
Personal information security
Online
Telephone
Marketing
Changes to our privacy and information handling practices
Access to personal information
Contact us about our privacy and information handling practices

BACKGROUND

Common law duty of confidentiality

As part of the general law governing the banker/customer contract, banks have always been required to keep any information about their customers in the strictest confidence. Traditionally, banks could only disclose information they hold about a customer if:

  • they had the customer's express or implied consent;
  • the disclosure was compelled by law; for example, under Taxation Acts;
  • the disclosure was required in the best interests of the bank; for example, to a court if a bank is defending or conducting legal action involving a customer. This exception does not, as it is sometimes thought, allow a bank to disclose information for any purpose it chooses; or
  • the disclosure was in the public interest; for example, if a customer's dealings indicate that he or she was trading with the enemy during a time of war. This exception is used rarely and only in the most serious circumstances.

As a matter of policy, all members of the Group observed this standard of confidentiality. Whilst these general requirements remain in place for banks, all members of the Group now have broader obligations, under the National Privacy Principles, which are contained in the Privacy Act 1988 (Cwth).

Privacy Act 1988

The Commonwealth Government has enacted privacy legislation to protect information held by all credit providers (not just banks) about their customers' personal credit dealings. Since 1991, under Part IIIA of the Privacy Act, credit providers (that includes the Commonwealth Bank Group) have only been allowed to disclose information about personal credit dealings to certain classes of persons (such as another bank or a credit union) for certain very limited purposes.

Privacy Amendment (Private Sector) Act 2000

In December 2000, the Commonwealth Government enacted further privacy legislation, which commenced 21 December 2001, amending the Privacy Act (implementing the National Privacy Principles) to include provisions that regulate the way private sector organisations collect, use, disclose, keep secure and provide access to personal information.

The Group acts to protect your personal information in accordance with the National Privacy Principles.

This document

The information in this document details how we comply with the requirements of the Privacy Act in protecting the personal information we hold about you.

COLLECTION OF PERSONAL INFORMATION

What is "personal information"?

Personal information is information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Why we collect information

Personal information is collected so that we may:

  • administer our customer relationships;
  • provide customers with the products and services they request and, unless they tell us otherwise, to provide information on products and services offered by the collecting member, other members of the Group, affiliated product and service providers, and external product and service providers for whom we act as agent. If you have provided us with your email or mobile phone details, we may provide information to you electronically with respect to those products and services.

Personal information may also be used for:

  • monitoring and evaluating products and services;
  • gathering and aggregating information for statistical, prudential, actuarial and research purposes;
  • assisting customers with queries; and
  • taking measures to detect and prevent frauds and credit loss.

What we collect

Personal information collected by members of the Group generally comprises name, address, date of birth, gender, marital status, occupation, account details, contact details (including telephone, facsimile and e-mail) and financial information. Sometimes we collect a few personal details unlikely to be known to other people to help us identify you over the telephone.

If you are applying for credit we may also collect the number and ages of your dependants, the length of time at your current address, your employer's name and contact details, the length of your employment, proof of earnings and, if you have changed employer in the last few years, details of your previous employment. We use this information to assist in making responsible credit decisions. In addition, as required by Part IIIA of the Privacy Act 1988, we will obtain your consent to collect, use and disclose credit information about you.

If you have or are applying for life insurance or income protection insurance, we also collect medical and lifestyle information that relates to the insurance. This information may include your sexual activity and is collected so we may assess whether to accept your insurance proposal and, if so, on what terms.

If you are applying to join an affinity (professional associations and organisations) program, we will collect information regarding your membership of the relevant body so that we may confirm your eligibility to participate.

We are required by law to identify you if you are opening a new account or adding a new signatory to an existing account. The Financial Transaction Reports Act 1988 requires us to sight and record details of certain documents (for example, birth certificate, passport) in order to achieve 100 points of identification.

Where it is necessary to do so, we also collect information on individuals such as company directors and officers (where the company is our customer) as well as customers' agents and persons dealing with us on a 'one-off' basis.

We may take steps to verify the information we collect; for example, a birth certificate provided as identification may be verified with records held by the Registry of Births, Deaths and Marriages to protect against impersonation, or we may verify with an employer that employment and remuneration information provided in an application for credit is accurate.

We do not collect information about your political or religious beliefs, or ethnic background.

What if you provide incomplete or inaccurate information?

We may not be able to provide you with the products or services you are seeking.

Obtaining your consent

In most cases, before or at the time of taking out a new product from a member of the Group (or, if that is not practicable, as soon as practicable thereafter) the collecting member obtains your consent to the purposes for which it intends to use and disclose your personal information.

If you do not give us consent, we may not be able to provide you with the products or services you want. This is because it is impracticable for us to treat some customers differently because, for example, they don't want their statements to be prepared and mailed by an external provider we have made arrangements with to provide this service to all customers.

Please refer to the "Other Disclosures" section for details of the confidentiality arrangements that apply when functions are outsourced.

Withdrawing consent

Having provided consent, you are able to withdraw it at any time. To withdraw consent, please contact the member of the Group from whom consent is to be withdrawn. Please note that withdrawing your consent may lead to the Group member no longer being able to provide you with the product or service you enjoy given that, as mentioned above, it is impracticable for us to treat some customers differently.

Information collected from someone else

In some cases, your personal information may be provided to us by agents, or by family members or friends. We will take reasonable steps to let you know that we have your personal information, unless it is obvious from the circumstances that you know or would expect us to have the information, such as where a broker is acting on your behalf. Reasonable steps may include asking the person who gave us your information to let you know that we have that information.

Collection from young people

Requests from young people (those under 16 years of age) to open bank accounts are normally satisfied by opening specially designed accounts. These accounts are opened in the name of the young person, although a parent or guardian's personal information is also collected. The parent or guardian is the authorised signatory who operates the account, and who provides the consent to the use and disclosure of personal information.

A direct request from a young person to open or operate an account or to acquire other products or services from the Group in his/her own name is considered on its merits.

MEMBERS OF THE GROUP

The Group includes Commonwealth Bank of Australia ('the Bank') and its related bodies corporate. It also includes affiliated entities, which are organisations which appear in the Group's consolidated financial statements.

Members of the Group in Australia that have collected personal information are permitted by the Privacy Act to disclose personal information to other members of the Group. This enables the Group to have an integrated view of its customers.

Overseas subsidiaries are not bound by Australian privacy law but are bound by any local privacy laws and will treat your information as confidential.

Members of the Group, and a brief description of the services they provide, include:

Related bodies corporate

  • Commonwealth Bank of Australia ABN 48 123 123 124 (banking and finance)
  • Commonwealth Financial Planning Limited ABN 65 003 900 169 (financial planning)
  • Commonwealth Insurance Limited ABN 96 067 524 216 (general insurance)
  • Commonwealth Securities Limited ABN 60 067 254 399 (broker)
  • Commonwealth Private Ltd ABN 30 125 238 039 (Private Banking and Advice)
  • The Colonial Mutual Life Assurance Society Limited ABN 12 004 021 809 (life, risk, superannuation and retirement products)
  • HomePath Pty Ltd ABN 35 081 986 530 (online home lending)
  • CBFC Limited ABN 26 008 519 462 (finance products)
  • ASB Bank Limited Incorporated in New Zealand (banking and finance)
  • Sovereign Limited Incorporated in New Zealand (life insurance)
  • CMG Asia Limited Incorporated in Bermuda operates in Hong Kong (life insurance)
  • Colonial Fiji Life Limited Incorporated in Fiji (life and health insurance)
  • PT Bank Commonwealth Incorporated in Indonesia (banking and finance)

Affiliated entities

  • eCommLegal ABN 80 113 149 429 (various legal products and services)

These are the main current principal operating entities of the Group as at the date of this document. A full listing of the controlled entities of the Group can be found in the Commonwealth Bank of Australia's latest Annual Report.

OTHER DISCLOSURES

Who we may communicate with

Depending on the product or service you have and the member of the Group you are dealing with, we may exchange personal information with:

  • brokers and agents who refer your business to us;
  • valuers and insurers if you are borrowing from us to purchase property (so that we can obtain a valuation of your property, and confirm that it is insured);
  • affiliated product and service providers and external product and service providers for whom we act as agent (so that they may provide you with the product or service you seek or in which you have expressed an interest);
  • auditors we appoint to ensure the integrity of our operations;
  • auctioneers (if we have to sell a property we hold as security to recover moneys owing to us);
  • real estate agents (to confirm details of a property you are purchasing or if we have to sell a property we hold as security. We will not, however, without your specific written permission, confirm to real estate agents the outcome of your application for finance);
  • lenders' mortgage insurers (if we have to take out insurance because the amount you are borrowing exceeds a certain percentage of the property's value). Note that mortgage insurers may also use and disclose personal information in accordance with the National Privacy Principles for their own purposes, which may include disclosure to credit reporting agencies, service providers and reinsurers. They will not, however, use your personal information for marketing purposes;
  • any person acting on your behalf, including your financial adviser, solicitor and accountant; executor, administrator, trustee, guardian or attorney;
  • your referee (to confirm details about you);
  • if required or authorised to do so, regulatory bodies and government agencies;
  • credit reporting agencies (see the section 'Exchanging information with a credit reporting agency');
  • insurers, including proposed insurers and insurance reference agencies (where we are considering whether to accept a proposal of insurance from you and, if so, on what terms);
  • claims assessors and investigators, claims managers, builders, architects and engineers, and reinsurers (so that your claim can be assessed and managed);
  • medical practitioners (to verify or clarify, if necessary, any health information you may provide);
  • other financial institutions and organisations at their request if you seek credit from them (so that they may assess whether to offer you credit);
  • suppliers from whom we order goods on your behalf (so that the goods may be provided to you);
  • agents who assist us to dispose of property or equipment, such as at the end of a financing arrangement (so that the property or equipment may be disposed);
  • investors, advisers, trustees and ratings agencies where credit facilities and receivables are pooled and sold (securitised) (see the section "Securitisation");
  • other organisations who in conjunction with us provide products and services (so that they may provide their products and services to you); and
  • professional associations or organisations with whom we conduct an affinity relationship (to verify your membership of those associations or organisations).

If we have used an example to indicate when we might exchange personal information, the exchange of personal information may not be limited to those examples or examples of a similar kind.

Outsourcing

We disclose personal information when we outsource certain functions, including bulk mailing, card and cheque book production, market research, direct marketing, statement production, debt recovery and information technology support. We also seek expert help from time to time to help us improve our systems, products and services.

We use banking agents, for example, local businesses, to help provide you with face-to-face banking services. These agents collect personal information on our behalf.

In all circumstances where personal information may become known to our contractors, agents and outsourced service providers, there are confidentiality arrangements in place. Contractors, agents and outsourced service providers are not able to use or disclose personal information for any purposes other than our own.

The exception is Woolworths Ezy Banking, a joint initiative of Woolworths Limited ABN 88 000 014 675 and the Commonwealth Bank of Australia ABN 48 123 123 124, where information is shared with and used by Woolworths Limited with the consent of the Woolworths Ezy Banking customer.

The Group takes its obligations to protect customer information very seriously and we make every effort to deal only with parties who share and demonstrate the same attitude.

Sending personal information overseas

We send personal information overseas if we outsource functions using overseas agents or contractors, or to complete a particular transaction, such as an International Money Transfer. Your personal information may also be accessed by our Group staff in other countries, if that becomes necessary for transactional reasons or to enhance our relationship with you.

Exchanging information with a credit reporting agency

When you apply for credit we need to be in a position to decide whether or not you are likely to repay. Our decision will be based on your current financial position (including your other credit repayments) and on your credit history (whether in the past you have been a reliable repayer). We will consider the information you give us when you fill out your application and may check that information with a credit reporting agency and with any other credit provider with whom you have had dealings.

In checking with a credit reporting agency, we are looking to confirm the completeness and accuracy of information you have provided on your application form. This helps you as well as us because we do not want to give you further credit if, given your existing borrowings, you will have difficulty making repayments.

Where the Privacy Act applies we can only give information about you to a credit reporting agency if we first have told you that we will do so, and we can only obtain information about you from a credit reporting agency if we have your consent.

You may obtain a copy of credit reports about you. Please refer to the "Access to personal information" section for details of how to do this.

Disclosure required by law

We may be required by law to disclose information, for example, when we are served with a court order. We may also be required by a Government Agency to produce information and records, for example, pursuant to taxation or social security laws.

Disclosure as a result of your actions

There may be circumstances in which we consider you, by your actions, to have released us from our duty of confidentiality or to have consented to the disclosure of information about you without actually saying so (for example, if you discuss your financial position publicly to the media, in such a way as to leave us with little alternative but to respond publicly).

Securitisation

Securitisation involves the pooling of assets (such as loans) of a similar kind and the sale of the pooled assets to a special purpose vehicle. To facilitate the process, we may disclose personal information to any person to whom our rights in the assets are to pass or proposed to pass and to any ratings agencies, trustees, investors and advisors involved in the transaction.

PERSONAL INFORMATION QUALITY

Our goal is to ensure that the personal information we hold is accurate, complete and up-to-date. Please contact us if any of the details you have provided change. Please also contact us if you believe that the information we have about you is not accurate, complete or up-to-date.

We may take steps to update personal information, for example, an address, by collecting personal information from publicly available sources, for example, telephone directories or electoral rolls.

PERSONAL INFORMATION SECURITY

We are committed to keeping secure the personal information you provide to us. We take all reasonable precautions to protect the personal information we hold about you from misuse and loss and from unauthorised access, modification or disclosure.

We have a range of physical and technology policies in place to provide a robust security environment. We ensure the on-going adequacy of these measures by regularly reviewing them.

Our security measures include, but are not limited to:

  • educating our staff as to their obligations with regard to your personal information;
  • requiring our staff to use passwords and/or smartcards when accessing our systems;
  • encrypting data sent from your computer to our systems during Internet transactions and customer access codes transmitted across networks;
  • employing firewalls, intrusion detection systems and virus scanning tools to prevent unauthorised persons and viruses from entering our systems;
  • using dedicated secure networks or encryption when we transmit electronic data for purposes of outsourcing;
  • practising a clean desk policy in all premises occupied by the Group and providing secure storage for physical records; and
  • employing physical and electronic means such as alarms, cameras and guards (as required) to protect against unauthorised access to buildings.

Where information we hold is identified as no longer needed for any purpose we ensure it is effectively and securely destroyed, for example, by shredding or pulping in the case of paper records or by degaussing (demagnetism of the medium using alternating electric currents) and other means in the case of electronic records and equipment.

ONLINE

Collection of information via web site activity

For statistical purposes we collect information on web site activity (such as the number of users who visit our web sites, the date and time of visits, the number of pages viewed, navigation patterns, what country and what systems users have used to access the site and, when entering one of our web sites from another web site, the address of that web site) through the use of "cookies". This information on its own does not identify an individual but it does provide members of the Group with statistics that can be used to analyse and improve their web sites.

Cookies

A 'cookie' is a packet of information that allows the server (the computer that houses the web site) to identify and interact more effectively with your computer.

When you use one of our web sites, we send you a temporary cookie that gives you a unique identification number. A different identification number is sent each time you use one of our web sites. Cookies do not identify individual users, although they do identify a user's browser type and your Internet Service Provider (ISP).

You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Please refer to your browser instructions or help screens to learn more about these functions. If you reject all cookies, you may not be able to use our web sites.

To evaluate the effectiveness of our web site advertising, we may use third parties to collect statistical data. No personal data is collected on these occasions.

Links to other websites

Our web sites may contain links to non-Group web sites. Whilst such links are provided for your convenience, you should be aware that the information handling practices of the linked web sites might not be the same as ours.

TELEPHONE

We may monitor and record telephone calls for training and security purposes.

MARKETING

Personal information is shared between members of the Group. They may provide you with information on their products and services which may be of interest to you.

Information on members of the Group and the products and services they provide is set out under "Members of the Group".

To opt out of receiving marketing information altogether, you can:

  • "tick the box" on the relevant form when you apply for a product or service; or
  • call us on 13 2221.

CHANGES TO OUR PRIVACY AND INFORMATION HANDLING PRACTICES

The Group may make changes to its privacy and information handling practices from time to time for any reason. We will publish those changes on our web sites and, if there are important changes or a lot of minor changes, by updating this document. This document is dated March 2007.

ACCESS TO PERSONAL INFORMATION

You can request us to provide you with access to the personal information we hold about you.

How to gain access

Requests for access to limited amounts of personal information, such as checking to see what address or telephone number we have recorded, can generally be handled in a branch or over the telephone.

With regard to requests for access to more substantial amounts of personal information, such as details of what is recorded in your loan file, we will require you to complete and sign the attached "Request for Access to Personal Information under the National Privacy Principles" form, and either mail it to the Privacy Officer, Customer Relations, Commonwealth Bank Group, Reply Paid 41, Sydney NSW 2001, or hand it in at any Commonwealth Bank branch. Following receipt of your request, our Customer Relations area will provide you with an estimate of the access charge and confirm that you want to proceed. Unless you have authorised us to debit your account, access will not be provided until payment is received.

If you wish to access information that is held by Commonwealth Private Ltd, you will need to obtain and complete a separate request form by contacting: Privacy Officer, Customer Relations, Commonwealth Bank Group, Reply Paid 41, Sydney NSW 2001.
Telephone 1800 805 605.

An access charge may apply

An access charge may apply, but not to the request itself. The charge is for the time we spend on locating, collating and explaining the information you request (generally based on a rate of $60 per hour or part thereof) plus any photocopying costs and out of pocket expenses (such as freight and travelling costs).

Responding to an access request

We will respond to your access request as soon as possible. We will endeavour to comply with your request within 14 days of its receipt but, if that deadline cannot be met owing to exceptional circumstances, your request will be dealt with within 30 days. It will help us provide access if you can tell us what you are looking for. Your identity will be confirmed (including by verifying your signature) before access is provided.

Requests may be denied or limited

If particular circumstances apply, we are permitted by the Privacy Act to deny your request for access, or limit the access we provide. We will let you know why your request is denied or limited. For example, we may give an explanation of a commercially-sensitive decision, rather than direct access to evaluative information connected with it.

Jointly held information

Where we hold your personal information in conjunction with that of another individual or individuals (eg where you jointly conduct an account), we will allow each individual access to their own personal information and to the joint information (eg account balances and transaction details) but not to the personal information of the other individual(s).

Access to a credit report about you

You have the right to ask for a copy of any credit report we have obtained about you from a credit reporting agency. However, as we may not have retained a copy after we have used it in accordance with Part IIIA of the Privacy Act, the best means of obtaining an up-to-date copy is to get in touch with the credit reporting agency direct. You have a right to have any inaccuracies corrected or, if there is any dispute as to accuracy, to have a note added to your credit reporting agency file explaining your position.

If we decline your credit application wholly or partly because of adverse information on your credit report, the Privacy Act requires us to tell you of that fact and how you can go about getting a copy of your credit report.

The major credit reporting agency in Australia is Veda Advantage Business Information Services Limited. As the largest agency, it is likely that it will be Veda Advantage Business Information Services Limited that you will need to contact in relation to access to an up-to-date copy of your credit report and any correction of information on your file. Veda Advantage Business Information Services Limited has established a specific public access division to handle these matters: Public Access Division, Veda Advantage Business Information Services Limited, PO Box 964, North Sydney NSW 2059.

CONTACT US ABOUT OUR PRIVACY AND INFORMATION HANDLING PRACTICES

If you have any questions or would like further information about our privacy and information handling practices, please contact us:

Commonwealth Bank Group
Email CustomerRelations@cba.com.au
Telephone 1800 805 605*
Mail Privacy Officer
Customer Relations
Commonwealth Bank Group
Reply Paid 41
Sydney NSW 2001

* A free call unless made from a mobile phone, which will be charged at the applicable mobile rate.

Making a privacy complaint

We recognise that even in the best run organisations things can go wrong. Should you have a privacy complaint, please tell us because it gives us the opportunity to fix the problem. We offer a free internal complaint resolution scheme to all of our customers. Our personal and small business customers also have free access to an external dispute resolution scheme.

To assist us in helping you, we ask you to follow a simple three-step process:

1. Gather all supporting documents about the matter of complaint, think about the questions you want answered and decide on what you want us to do.

2. Contact the relevant Group member, where your situation will be reviewed and if possible resolved straight away. A quick chat is all that's required to resolve most issues.

3. If at this stage the matter has not been resolved to your satisfaction, please contact our Customer Relations team using the above contact points. We will provide you with the name and contact details of the officer who will investigate your complaint, answer your questions and do all they can to regain your confidence.

If you are still not satisfied, we will tell you about the external dispute resolution avenues available to you.

SITE SECURITY

Your Data is Secure

To protect your confidential data we have invested in an SSL certificate from VeriSign. You can learn more about the Internet security of your data.

This information has been prepared by Commonwealth Private Ltd ABN 30 125 238 039 AFSL 314018 without taking account of the objectives, financial situation or needs of any particular individual. You should, before acting on this advice, consider its appropriateness to your circumstances. Service is provided by a team consisting of a Private Banker who is a representative of Commonwealth Bank of Australia ABN 48 123 123 124 and Financial & Insurance Advisers who are representatives of Commonwealth Private Ltd.

© Commonwealth Bank of Australia 2007 ABN 48 123 123 124