1. About this Privacy Statement

We take your privacy very seriously and are committed to ensuring the protection of your personal information, no matter where you are located. Each member of the CommBank Group collects and handles your personal information in accordance with its legal obligations, including those under the Privacy Act 1988 (Cth).

The Commonwealth Bank of Australia and its subsidiaries (the CommBank Group) provide a wide range of banking, finance, insurance, funds management, financial planning and advice, superannuation, stockbroking and other services.

This Statement describes how your personal information and credit information is collected and handled by the following members of the CommBank Group:

  • the Commonwealth Bank of Australia
  • Commonwealth Securities Limited (CommSec)
  • Commonwealth Insurance Limited (CommInsure)
  • our international branches in China, Hong Kong, Tokyo (Japan), Singapore, London (United Kingdom), Malta, New Zealand and New York (the United States of America)
  • Commonwealth Bank of Australia (Europe) NV.

If you are located in the European Union or the United Kingdom, or if you are a customer of our Singapore or Tokyo branches, you may have additional rights. See additional rights at the end of this page for more information. 

2. Collection, use and sharing

2a. What information do we collect?

We collect your personal information directly from you most of the time, however on occasion, we may also collect information about you from other people and organisations.

We collect personal information when you:

  • enquire about, apply for, or use our products or services
  • contact us to make an enquiry or give us feedback
  • visit our website or use our digital services
  • participate in other activities we offer, such as competitions or surveys
  • talk to us or do business with us.

While we are required to collect some types of personal information to meet our legal obligations, we do attempt to keep our collection of your personal information to what is necessary to offer you the products and services you require. Depending on those products and services, or your interactions with the members of the CommBank Group, we may collect the following types of personal information:

Types of personal information
What kinds of personal information might be involved
Personal and contact details
This may include your name, address, email address, phone number, and date of birth.
Australian Government related identifiers and identity documents
These may include your:
  • Tax File Number and country of tax residency
  • Medicare card, Australian passport, driver licence, or pension card details
  • Securityholder Reference Number (SRN) or Holder Identification Number (HIN)
  • citizenship, birth, death and marriage certificates (for example, to verify your identity).
Foreign government identifiers and identity documents
This may include foreign government identity documents and identifiers such as:
  • tax identification number and country of tax residency
  • foreign passport and driver licence (for example, to verify your identity at the time you request a product or service).
Financial information
This may include:
  • details of your employment, income, assets, financial liabilities
  • copies of bank statements and credit card statements from other financial institutions
  • information from third parties about your credit history and insurance claims history.
Credit information
See Credit Reporting (Your credit information, Section 4) for the types of credit information that we collect.
Transaction information
This includes information about transactions that you have made using our products and services or in relation to CommBank Group securities. For example, your credit card transactions or ATM (Automatic Teller Machine) withdrawals.
Socio-demographic information
This may include your marital status, age, gender, number of dependents, occupation and nationality, for example when you apply for a home loan. 
Interaction information
This includes details of your interactions with us, such as when you visit a branch, call us, use our online services (such as Netbank, CommBiz or CommSec), make an enquiry, provide feedback, or make a complaint.
Digital information
We collect information from you electronically when you use our online services (such as Netbank, CommBiz or CommSec). This includes information such as:
  • location information (if enabled on your device)
  • IP address
  • details of the device used to access our digital services (including mobile and tablet)
  • details of the wi-fi network or mobile network used by your device
  • type of authentication used (for example touch ID or face ID.
More information about the digital information we collect is available in the Privacy Collection Notice for NetBank and the CommBank app. Importantly, we do not link this information to you unless we need to access these details for fraud or security reasons. Find out more about the types of cookies we use and why.
Behavioural information
This includes information that we generate about how you use our products and services. For example, if you use our banking services, we may generate information about your spending patterns so we can help you manage your money.
Call recordings
On occasion, we monitor and record our calls with you. We will let you know if we are doing this.
Camera surveillance
For the safety of our staff and customers, we use camera surveillance, such as CCTV, to monitor CommBank premises.
Sensitive information
On occasion, we collect and handle sensitive information. This may include:
  • health information (where this is relevant to an insurance policy, claim or if you're in financial difficulty and ask for hardship relief due to illness)
  • race or ethnicity (for example we may ask you what language you speak if you request a translator to communicate with us)
  • criminal history and political affiliation, where it is relevant for our regulatory obligations.
Information about your personal circumstances
On occasion, we may ask you to provide information about your personal circumstances so we can support you during any financial difficulties. This may include:
  • information about significant life events (such as a relationship breakdown or a death in the family)
  • information about family and domestic violence
  • where you have been impacted by an emergency event or a natural disaster
  • any unexpected changes to your financial situation (such as losing a job or incarceration)
  • details of injury, illness, gambling or addiction.  
Publicly available information
On occasion, we may collect and handle information that is in the public domain, such as from:
  • online forums, websites, Facebook, Twitter, YouTube or other social media (for example, if you use social media to make a complaint)
  • public registers (for example, those kept by the Australian Securities and Investments Commission).  

See ‘Who do we share your information with?’ (Collection, use & sharing, Section 2C) for details of third parties we may share information with. 

  

2b. How do we use your information?

We’re careful about how we use your information to deliver our products and services. We also use your information for other reasons, such as to better understand you, your needs, and to let you know about other products and services you might be interested in.

Here is a list of the ways we may use your personal information. 

Purpose
How we use your personal information
Serving you as a customer
We use your information to deliver our products and services including to:
  • assess and process your applications for products and services
  • administer and manage existing products or services you have with us
  • manage our relationship with you or your business
  • improve our service to you and your experience with us
  • communicate with you or your representatives about our products and services
  • let you know about other products and services that may be of interest to you. 
Improving our business
We use your information to improve the products and services we provide through activities such as:
  • reviewing customer feedback and assessing how you use our products and services
  • testing and validating the effectiveness of products, services and system enhancements
  • monitoring and reviewing call recordings, online chats and other business activity for quality assurance, training and compliance purposes.
Managing our operations
We use your information to manage our operations including to:
  • deliver our products and services
  • make and manage customer payments and transactions
  • manage fees, charges and interest due on your products and services
  • collect and recover money that is owed to us
  • respond to complaints and seek to resolve them
  • manage our share register and security holder records.
Managing security, risk and crime prevention
We use your information to:
  • prevent, detect and investigate suspicious or fraudulent activities
  • monitor our properties, for example using camera surveillance to ensure the safety of our people and customers
  • investigate health and safety incidents involving our people and customers
  • support the management of our information security and network controls to prevent cyber-attacks, unauthorised access and other criminal or malicious activities.
To comply with our legal obligations
Where required, we use your personal information to comply with the law, including our regulatory obligations, including to:
  • confirm your identity
  • share relevant information with law enforcement agencies, tax authorities and other regulatory bodies
  • screen applications and monitor accounts to identify criminal activity such as fraud, terrorist financing, bribery, corruption and money laundering
  • investigate financial crime.
Managing our business
We use your information to run our business in an efficient and proper way. This includes managing our financial position, business capability and planning, testing systems and processes, as well as managing communications, corporate governance, and audit.
Performing analytics activities
Sometimes we combine information we have about you and our other customers, for example transaction information, with data from other sources, such as third party websites or the Australian Bureau of Statistics. We use this information to:
  • help us understand trends in customer behaviour including how products and services are used
  • improve the products and services we offer
  • improve the quality of our data
  • develop products and services that better meet our customers’ needs and behaviours
  • understand and manage our risks better.
De-identifying information
Sometimes we de-identify your personal information, for example transaction information, and use this to:
  • provide insights and analytics services to other organisations.
  • share de-identified information with other organisations.
These services help organisations learn about the types of customers they have and their general spending patterns. See an example of how we use data in this way and some of the privacy treatments we use to de-identify personal information
Sales or acquisitions
We may also use your personal information to support any changes to the ownership of products or services or the make-up of the CommBank Group. For example, we may:
  • sell, transfer, or merge parts of our business, or our assets, including products or services
  • bring other businesses into the CommBank Group
  • stop providing a particular product or service.
When we do this, we may share your personal information with other members of the CommBank Group or other parties involved, where appropriate. 
Determine your eligibility for credit
See Credit Reporting (Your credit information, Section 4) for how we use your credit information.

We may also collect, use and share your information for other reasons where the law allows or requires us to.

Direct marketing

From time to time, we may also use your personal information to tell you about products and services we think may be of interest and value to you, but we will stop if you tell us to.

We may contact you by various means, including by mail, telephone, email, SMS or other electronic means, such as through social media or targeted advertising through CommBank websites or through our online banking services.

If you do not want to receive direct marketing offers from us, you can opt-out by:

  • updating your message preference settings in your online services (such as Netbank, CommBiz or CommSec)
  • contacting us using the details in We’re here to help, Section 6a.

We may first require you to log into your NetBank account or otherwise identify yourself.

  

2c. Who do we share your information with

We may share your information with third parties for the reasons mentioned in How do we use your information? (Collection, use & sharing, Section 2b), or where the law otherwise allows or requires us to.

The types of third parties are listed below. 

Type of third party
Description
Other members of the CommBank Group
We may share your information between members of the CommBank Group. This helps us offer you a high-quality customer experience. You can read about how CommBank Group members may use your information in How do we use your information? (Collection, use & sharing, Section 2b).
Authorised Third Parties
We may share information with third parties where you have authorised us to do so or where we are legally required. They include:
  • third parties that you have authorised to act for you (such as accountants, financial counsellors, legal representatives, agents, mortgage brokers, financial advisors, or a person with Power of Attorney)
  • your parent or legal guardian (if you are under 14 years)
  • guarantors and other security providers.
Third Parties that can verify your information
This includes organisations that can verify information that you have supplied when applying for a product or service, or making a claim, including:
  • your employer, to verify your employment status
  • your doctor, to verify your medical history
  • other banks and financial institutions that you may have products and services with.
  • commercially available third party databases
  • credit reporting bodies and credit providers (see Your credit information, Section 4).
Our Service Partners
We may share your information with our service partners, external service providers and other organisations that help us to supply products and services. These include:
  • organisations that we partner with to supply products and services, for example, payment and shopping services, mortgage insurers, loyalty program partners and our product distributors.
  • external service providers that we engage to do some of our work for us, for example mailing houses, debt recovery agencies, legal service providers and information technology and cloud service providers.
  • people who help us process applications and claims (like assessors and investigators).
  • organisations involved in our funding arrangements (like loan purchasers, investors, advisers, researchers, trustees and rating agencies).
  • auditors, insurers and re-insurers
  • organisations that assist us to identify, investigate or prevent fraud or other misconduct.
  • our share registry service provider.
Strategic Referral Partners
We may share your information, with external parties with whom CBA has entered into strategic alliance or referral arrangements to enable you to inquire about the services or products they offer.
A product refers to any offering of features and benefits to a Customer.
This may include products that allow a Customer to:
  • make a financial investment (e.g. a share);
  • borrow money (e.g. credit cards, loans or bonds);
  • save money (e.g. term deposits);
  • manage financial risk (e.g. insurance); or
  • facilitate payments (e.g. BPay, clearing and settlement facilities).     

Other financial services organisation
We may collect and share your information with other banks, third party payment providers, superannuation funds and financial services providers to provide you services, for example to process your transactions, facilitate payment reversals and provide refunds. 
Government and law enforcement agencies
We may share your information with regulatory bodies, government agencies and law enforcement bodies to comply with our legislative or regulatory obligations in any of the jurisdictions where we operate.

Sending  information overseas

Sometimes, we may send your information overseas, including to:

  • CommBank Group members that are located in China, India, Hong Kong, Singapore, Japan, the United Kingdom, the Netherlands, New Zealand and the United States of America
  • service providers or third parties who store data or operate outside Australia
  • complete international transactions, such as currency exchanges
  • organisations we partner with to provide products and services
  • comply with laws and help government or law enforcement agencies.

If we do this, we make sure there are appropriate privacy, data handling and security arrangements in place to protect your information.

3. Securing your information

3a. Keeping your information safe

Our staff are trained in how to keep your information safe and secure. We use secure systems and buildings to hold your information. We aim to only keep your information for as long as we need it.

We store your hard copy and electronic records in secure buildings and systems or using trusted third parties. We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold about you.

We aim to keep personal information only for as long as we need it – for example for business or legal reasons. When we no longer need information, we take reasonable steps to destroy or de-identify it.

 

4. Your credit information

We collect credit information about you when you apply or use our credit related products or services.  We may also collect credit information about you from credit reporting bodies (such as Equifax).

What is credit information?

Credit information is personal information that is about credit that has been provided to you or that you have applied for. This includes credit for personal purposes and credit in connection with a business. It can also cover information about you as a guarantor of a loan or as an insured party under a credit related insurance policy.

Types of credit-related information we collect, hold and disclose

We collect credit information directly from you or your representative when you apply for a credit related product or service, like a credit card. We also collect credit information about you from third parties, including credit reporting bodies (such as Equifax) or other credit providers (such as another bank).

The types of credit information we collect and handle are set out below.

Identification information

This includes your name (including any aliases), gender, date of birth, driver licence number, current and most recent past addresses, as well as current and most recent past employers.

Consumer credit liability information 

This is information about any accounts that you currently have open or may have had in the past. It includes the type of account, the open and/or close date, as well as the credit limit.

Repayment history 

This includes a history of your repayments, including whether you have made payments when due, and if not, when overdue payments have been made.

Default information

Details of any defaults or serious credit infringements.

Public information

Public record information such as:

  • court judgments
  • directorship and business proprietorship details
  • bankruptcy, debt agreement and personal insolvency.

Information about credit worthiness

Information about your credit worthiness such as credit scores, credit risk ratings, summaries and evaluations.

Why we collect and handle your credit information

When you apply to us for credit or propose to be a guarantor, we need to know if you’re able to meet repayments under your agreement with us. We also want to avoid giving you further credit if this would put you in financial difficulty.

We use credit information to:

  • confirm your identity
  • assess your credit applications and your ability to manage credit
  • manage credit provided to you
  • assist you to manage your credit related obligations and to consider any financial hardship requests
  • derive scores, ratings, summaries and evaluations relating to your credit worthiness which are used in our decision-making processes and ongoing reviews
  • help us collect overdue payments
  • share information with credit reporting bodies, where the law permits us to do so.

How do we hold credit information?

We keep your credit information with your other information. In some cases, we may need to share some of your information with organisations outside Australia (see Collection, use & sharing, Section 2c).

More information

It is important that we hold accurate credit information about you. To access or correct your credit information, please contact us (see We’re here to help, Section 6a).

You can also contact us to make an enquiry or complaint about the collection and handling of your credit information.

Find out more about credit reporting

Credit reporting bodies

If you apply for credit or offer to act as a guarantor, we may collect or share your information with a credit reporting body. This information is used to determine your eligibility for credit.

Credit reporting bodies include this information in their reports to help other credit providers to assess your credit worthiness (such as when you apply for a credit card or a loan). 

We can also ask credit reporting bodies to give us your overall credit score and may use credit information from credit reporting bodies together with other information to arrive at our own assessment of your ability to manage credit.

Direct marketing: Credit providers like us can ask credit reporting bodies to use your credit information to pre-screen you for direct marketing purposes. You can contact the credit reporting bodies if you want to stop your credit information being used for this purpose.  

Preventing identity fraud: If you think you have been, or could be, a victim of fraud you can ask the credit reporting body not to use or give anyone your credit information.

We collect from, and share information with, the following credit reporting bodies. For more information about how they handle credit reporting information they hold about you, or about direct marketing or identity fraud, you can contact them below.

 

Accessing your information

5a. Accessing, updating and correcting your information

You can contact us and ask to view your information. For more detailed information, we may ask you to fill out a request form. If your information isn’t correct or needs updating, let us know straight away.

How can I access my information?

You can ask us for a copy of your information, like your statements or transaction history, by visiting a branch, going online (such as Netbank, CommBiz or CommSec) or calling us (see We’re here to help, Section 6a). To get a copy of the credit information we have about you, you can visit a branch or call us.

If you would like more detailed information, please fill out the Request for Access to Personal Information Form (PDF).

How will we handle you request?

There is no fee to ask for your information, but sometimes we might charge a fee to cover the time we spend gathering the information you want. If there’s a fee, we’ll let you know how much it is likely to be, so you can choose if you want to go ahead.

We try to make your information available within 30 days after you ask us for it.

In some cases, we can refuse access or only give you access to certain information. For example, we might not let you see information that involves other people. If we do this, we will write to you explaining our decision.

Can you correct or update your information?

It’s important that we have your correct details, such as your current home address, email address and phone number. You can check or update your information at any branch, via your online services (such as Netbank, CommBiz or CommSec) or by calling us (see We’re here to help, Section 6a).

If you think your personal or credit information is incorrect, contact us to investigate the issue (see We’re here to help, Section 6a).

We’ll try to respond to your request within 30 days. If we can’t, we’ll let you know why it’s taking longer.

If we don’t think the information needs correcting, we’ll write to let you know why. You can ask us to include a statement with the information that says you believe it is inaccurate, incomplete, misleading or out of date.

6. We’re here to help

6a. Contact us

If you need more information, want to access or update your personal information or if you have a privacy concern – help is just a phone call or a few clicks away.

Personal banking

Call 13 2221

Overseas? Call +61 2 9999 3283

 6am - 10pm (Sydney/Melbourne time)

Business banking

Call 13 1998 any time

Overseas? Call +61 2 9009 0593

CommSec

Call 13 1519

Overseas? Call +61 2 9115 1417

8am - 7pm, Monday - Friday (Sydney/Melbourne time)

CommInsure

Call 13 242

8am - 8pm, Monday - Friday, 8am - 5pm, Saturday (Sydney/Melbourne time)

Access for hearing or speech impaired customers

TTY number: Call 133 677 then ask for 13 2221

SMS Relay: Text 0423 677 767 (for more info, visit the National Relay Service)

Voice Relay number: Call 1300 555 727 then ask for 13 2221

Visit your nearest CommBank branch

Find a branch

Contact our international Privacy Offices

If you’re a customer of our international branches, you can contact us on the details below.

China 

The Data Privacy Officer

Commonwealth Bank of Australia, Shanghai and Beijing Branches

Mailing Address: RM 1101 Azia Centre, No. 1233 Lujiazui Ring Road, Pudong, Shanghai

Telephone: +86 21 61238912

Hong Kong

The Data Privacy Officer

Commonwealth Bank of Australia, Hong Kong Branch

Mailing Address: Suite 1401, Once Exchange Square, 8 Connaught Place, Central, Hong Kong

Telephone: +852 2844 7500

Fax: +852 2845 9194

Japan (Tokyo)

The Data Privacy Officer

Commonwealth Bank of Australia, Tokyo Branch

Mailing Address: Toranomon Waiko Building 8th Floor, 12-1 Toranomon 5-chome, Minato-ku,Tokyo 105-0001

Telephone: +81 03 5400 7857

Email: Takao.Uehara@cba.com.au

Singapore

The Data Privacy Officer

Commonwealth Bank of Australia, Singapore Branch

Mailing Address: 38 Beach Road, #07-11 South Beach Tower, Singapore 189767

Email: dpo@cba.com.au

6b. Making a privacy complaint

If you have a concern or complaint about how we have handled your personal information (including your credit information), let us know and we’ll try to fix it. We try to get things right the first time – but if we don’t, we’ll do our best to sort it out. If you’re not satisfied with how we respond to your complaint about how we’ve handled your personal information, there are other things you can do.

How can you make a complaint?

To make a complaint, contact one of our staff or customer service teams (see We’re here to help, Section 6a). We’ll look into the issue and try to fix it straight away.

If you’ve raised your concern with one of our staff and are not satisfied, you can contact our Customer Relations team:

CBA Group Customer Relations

Email

customerrelations@cba.com.au

Phone

1800 805 605

+61 2 9687 0756 from overseas

8am - 6pm, 7 days a week (Sydney/Melbourne time)

Mail

Reply Paid 41, Sydney NSW 2001

Find out more about how we manage complaints.

What else can you do?

If you’re not satisfied with our response after you’ve been through our internal complaints process, you can lodge a dispute through the Australian Financial Complaints Authority (AFCA), our external dispute resolution provider.

AFCA provides consumers and small businesses with fair, free and independent dispute resolution for financial complaints.

Australian Financial Complaints Authority

Visit: www.afca.org.au

Email: info@afca.org.au

Phone: 1800 931 678 (free call)

Mail: Australian Financial Complaints Authority, GPO Box 3, Melbourne VIC 3001

You can also contact the Office of the Australian Information Commissioner if your complaint is about your privacy or how we handled your credit information.

Office of the Australian Information Commissioner

Visit: oaic.gov.au

Email: enquiries@oaic.gov.au

Phone: 1300 363 992

Mail: GPO Box 5218, Sydney NSW 2001

Additional rights

Additional rights in Asia

Customers of our Singapore Branch

Additional rights for customers of our Singapore Branch are set out in the Singapore Branch Privacy Notice. You may request a copy of this Notice, or further information relating to your rights, by contacting the Singapore Data Privacy Officer (see We’re here to help, Section 6a).

Customers of our Tokyo Branch

Additional rights for customers of our Tokyo Branch are set out in the Commonwealth Bank of Australia, Tokyo Branch Privacy Policy Statement (PDF). You may request a copy of this Notice, or further information relating to your rights, by contacting the Tokyo Branch Data Privacy Officer (see We’re here to help, Section 6a).

Additional rights for individuals located in the European Union and United Kingdom

The European Union (EU) General Data Protection Regulation (GDPR) and local data protection laws, such as the United Kingdom General Data Protection Regulation, give more rights to individuals located in the EU and the UK and more obligations to organisations holding their personal information. In this Appendix, “personal information” means any information relating to an identified or identifiable natural person (the meaning given to the term “personal data” in the GDPR).

Personal information must be processed in a lawful, fair and transparent manner. As such, if you are located in the EU, GDPR requires us to provide you with more information about how we collect, use, share and store your personal information as well as advising you of your rights as a 'data subject'.

If you are located in the EU and have an enquiry relating to your rights under the GDPR, please contact myprivacyrequest@cba.com.au.

What personal information do we collect?

Please refer to Section 3 (Securing your information) above for details of the personal information we collect.

Special categories of personal information 

The GDPR provides additional protection for personal information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data (for example your fingerprints), or data concerning your health, sex life or sexual orientation. We will only process this type of personal information with your consent or where otherwise lawfully permitted.

How long we keep your personal information

We will keep your personal information while you are a customer of the Group. We aim to keep your personal information for only as long as we need it.

We generally keep your personal information for up to 7 years after you stop being a customer but we may keep your personal information for longer:

  • To fulfil legal or regulatory obligations
  • For internal research and analytics 
  • To respond to a question or complaint

How we use your personal information

We can only collect and use your personal information if we have a valid lawful reason to do so. For the Group, these reasons are:

  • Contract: We need to process your personal information in order to fulfil a contract you have with us, or because you have asked us to take specific steps before entering into a contract.
  • Legal obligations: We need to process your personal information for us to comply with the law (not including contractual obligations).
  • Consent: You have given clear consent for us to process your personal information for a specific purpose.
  • Legitimate interests: We need to process your personal information for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal information which overrides these legitimate interests.

 

How we use your personal information
Our reasons
Our legitimate interests
To confirm your identity
  • We have your consent
  • To fulfil contracts
  • To meet our legal duty
  • We have legitimate interests
  • Identifying credit risks prior to entering into a loan agreement
  • Complying with guidance of regulators
  • Managing risk
To assess your application for a product or service
  • We have your consent
  • To fulfil contracts
  • To meet our legal duty
  • We have legitimate interests
  • Identifying credit risks prior to entering into a loan agreement
  • Complying with guidance of regulators
  • Managing risk
To manage our relationship with you
  • We have your consent
  • To fulfil contracts
  • To meet our legal duty
  • We have legitimate interests
  • Preventing and investigating potential criminal activity
  • Complying with guidance of regulators
  • Managing risk
To minimise risks and identify or investigate fraud and other illegal activities
  • To fulfil contracts
  • To meet our legal duty
  • We have legitimate interests
  • Preventing fraud
  • Ensuring network and information security
  • Reporting possible criminal acts or threats to public security
  • Preventing and investigating potential criminal activity
  • Complying with guidance of regulators
  • Managing risk
To contact you, for example, when we need to tell you something important
  • We have your consent
  • To fulfil contracts
  • To meet our legal duty
  • We have legitimate interests
  • Preventing fraud
  • Complying with guidance of regulators
  • Managing risk
To improve our service to you and your experience with us
  • We have your consent
  • To fulfil contracts
  • To meet our legal duty
  • We have legitimate interests
  • Preventing and investigating potential criminal activity
  • Complying with guidance of regulators
  • Managing risk
To comply with laws, and assist government or law enforcement agencies
  • To fulfil contracts
  • To meet our legal duty
  • We have legitimate interests
  • Preventing fraud
  • Ensuring network and information security
  • Reporting possible criminal acts or threats to public security
  • Preventing and investigating potential criminal activity
  • Complying with guidance of regulators
  • Managing risk
To manage our business
  • We have your consent
  • To fulfil contracts
  • To meet our legal duty
  • We have legitimate interests
  • Complying with guidance of regulators
  • Preventing and investigating potential criminal activity
  • Managing risk

We may use your information for direct marketing purposes.  We will only do this with your consent.

Your rights as a data subject

The right to be informed how personal information is processed

  • You have the right to be informed how your personal information is being collected and used. If we require your consent to process your personal information you can withdraw consent at any time. If you withdraw consent, we may not be able to provide certain products or services to you. The right to withdraw only applies when the lawful basis of processing is consent.

The right of access to personal information

The right to rectification

  • You have the right to question any personal information we have about you that is inaccurate or incomplete. If you do, we will take reasonable steps to check the accuracy and correct it.

The right to erasure

  • You have the right to ask us to delete your personal information if there is no need for us to keep it. You can make the request verbally or in writing. There may be legal or other reasons why we need to keep your personal information and if so we will tell you what these are.

The right to restrict processing

  • You have the right to ask us to restrict our use of your personal information in some circumstances. We may be able to restrict the use of your personal information. In this situation we would not use or share your personal information while it is restricted. This is not an absolute right and only applies in certain circumstances.

The right to data portability

  • In some circumstances you have the right to request we provide you with a copy of the personal information you have provided to us in a format that can be easily reused.

The right to object

  • In some circumstances you have the right to object to us processing your personal information.  

Rights in relation to automated decision making and profiling

  • We sometimes use systems to make automated decisions (including profiling) based on personal information we have collected from you or obtained from other sources such as credit reporting bodies. These automated decisions can affect the products or services we offer you. You can ask that we not make decisions based on automated score alone or object to an automated decision and ask that a person review.  

The right to lodge a complaint with a supervisory authority

  • You have the right to complain to the regulator if you are not happy with the outcome of a complaint.  

See the ‘Regulator Contact Details’ section below for more information.

  • The individual regulator websites will tell you how to report a concern. 

Minors and children’s privacy

We will seek parent or guardian consent to collect the details of children under 16.

Regulator contact details

The UK data protection authority is:

Information Commissioner’s Office
Wycliffe House
Wilmslow
Cheshire SK9 5AF
UK
Visit: ico.org.uk

The Netherlands Data Protection Authority is:
Autoriteit Persoonsgegevens
Prins Causlaan 60
PO Box 93374
2509 AJ DEN HAAG / The Hague
Visit: https://autoriteitpersoonsgegevens.nl/nl

For other European jurisdictions please refer to the European Commission website for details of the relevant data protection authorities.

Things you should know

Policy updated 15 September 2021

During our relationship with you, we may tell you more about how we collect and handle your information – for example, when you fill in an application form or receive product terms and conditions. You should always read these documents carefully.

Sometimes we update our Statement. You can always find the most up-to-date version on our website.