1. Who we are

Commonwealth Bank of Australia (ABN 48 123 123 124, AFSL 234945) (CommBank) and its subsidiaries (collectively, the Group) provide a wide range of banking and financial products and services. For more information about the Group, including a complete list of Group members, go to our investor centre.  

In this Privacy Collection Notice, 'we', 'us' or 'our' refers to the Group. 

Back to top

2. What’s in this notice

This notice describes how we collect, hold, use and share your personal information when you use our electronic banking platforms (NetBank) and/or our mobile and tablet banking application (CommBank app) (collectively, our platforms). It includes: 

  • The kinds of personal information we collect 

  • The reasons we collect and use that information 

  • Who we share your information with 

  • How to access our Privacy Policy or contact us about our privacy practices  

The Addendum at the end of this notice provides more detail about the ways we collect, hold, and use and share additional personal information from the CommBank app.  

You should also read the terms and conditions for the products and services we offer, including our Electronic Banking Terms and Conditions. These terms may contain more information about the ways we collect, hold, use and share personal information for those products and services. 

Back to top

3. What is personal information

Personal information includes information or an opinion about an individual that’s identified or reasonably identifiable. This can include a person's name, age, gender, postcode and contact details. It may also include financial information, such as credit card or transaction details, as well as a range of other types of data. An example of reasonably identifiable information is data on a bank statement which also contains the person’s name.

Back to top

4. What information we collect

We collect personal information about you when you use or access our platforms, and on an ongoing basis while you bank with us, including:

  • Information about your identity, such as your name and contact details (including your email address and mobile number)
  • Information about your personal circumstances (e.g. marital status, age, gender, occupation, and relevant information about your partner or family)
  • Information contained in identity documents or government documents, provided by you or someone acting on your behalf (e.g. your drivers' licence, passport, Medicare number) or government-issued concession cards you hold (e.g. a Seniors Card or a Veterans Card)
  • Credit and other financial information, including transactions and payments made using our platforms and details of any of your assets and liabilities (such as your share holdings or accounts with other financial institutions). For more information see credit reporting
  • Information you or someone acting on your behalf provides us as part of applying for a product or service from us, including details of your income and assets, financial liabilities, copies of bank statements and credit card statements from other financial institutions, as well as information from third parties regarding your credit history
  • Information about your use of our online banking services, websites, mobile and tablet applications and ATMs, including your login details, preferences, activity logs, IP address, behavioural data and information collected by cookies. For more on how we use cookies to secure, improve and optimise your use of our platforms, see our Cookies Policy.
  • Details of consents you’ve provided us relating to the sharing of your data (including in relation to the Consumer Data Right or Open Banking).
  • Information you provide in free text fields, such as surveys, search terms or chat on our platforms
  • Information about the electronic devices (computers, mobile phones or tablets) you use to access our platforms and how you use them, including:
    • Details relating to your devices, their operating systems, browsers, other applications and settings
    • Information associated with your access to our platforms, such as information relating to the wi-fi network or mobile network used by your devices when accessing our platforms
    • General location information we get from your device’s IP address, or more specific location if you have opted in
  • Information about the way you use your devices while accessing our platforms, such as pages you visit on our platforms, click rates, scrolling or swiping activity, mouse movements, or typing speed. We may collect and process this information to generate a 'biometric fingerprint' that relates specifically to you, which we can use to identify unusual behaviour
  • Additional information when you’re using the CommBank app, as set out in the Addendum to this notice

The information we collect may include sensitive information. For example, we may ask for health information as part of an application for insurance. If we collect this type of information, we'll ask for your permission (except when we’re required or authorised by law to collect this information without your consent).

We may collect this information from you directly or from third parties, including:

  • Someone acting on your behalf, such as a parent or guardian, agent, or authorised operator of your account
  • Third party service providers who capture data when you use our platforms on our behalf

If you give us information about others (such as a joint applicant or if you’re an organisation, its officers or beneficial owners), you must have their authority and tell them what's in this notice.

Back to top

5. Why we collect your information and what we use it for

We collect, use and share your information:

  • To confirm your identity and manage our relationship with you, including to contact you about changes to our products and services
  • To identify, manage and minimise security risks and detect and prevent fraud, scams and other unauthorised activity. As part of this, we may:
    • Combine data collected through our other channels (including data collected from or held by trusted third parties or public sources) to help us detect security threats
    • Provide your personal information to a government agency or third party to match it against data held by them to confirm your identity
    • Use your biometric fingerprint and other behavioural information we collect to identify suspicious activity
    • Use your information to contact you if we detect a security threat
    • Block disruptive use of our platforms or any suspected illegal activities
  • In the case of behavioural information (other than your biometric fingerprint), for analytical purposes to help us:
    • Improve our digital features, products and services
    • Understand which aspects of our platforms are working well and which aren’t
    • Detect whether certain features are available on your device
    • Determine what types of content you may be interested in
  • To comply with our legal obligations, respond to legal process requests, or requests from law enforcement bodies or other third parties, including under relevant laws, such as the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), the Income Tax Assessment Act 1936 (Cth) and the Competition and Consumer Act 2010 (Cth) (including the Open Banking regime)
  • To design, price, provide, manage and improve our products, services, and digital features
  • To assist our business partners with designing, pricing, providing, managing and improving their products and services
  • To personalise the way content, services, and offers are presented or delivered to you, including providing you with a personalised user experience and targeted marketing offers
  • To facilitate payment requests and carry out your instructions
  • To make sure you can use the products we provide through our platforms, including BPAY and PayID, according to applicable terms and conditions
  • To see if you qualify for any products or lending facilities you apply for
  • To let you know about products and services you might be interested in, including those offered by our business partners
  • To combine it with data collected through other channels (including data collected from or held by trusted third parties or public sources) to help us understand more about our customers so we can improve our features, products, and services. For example, we may use this information to personalise your experience when using our platforms or to let you know about products and services you might be interested in (including third parties and businesses we partner with) we think are relevant for you. We also get de-identified insights which we may share with our merchant and business customers and other third parties
  • To determine your location using your device's IP address, which we may use to detect and prevent fraud or other suspicious activities
  • To implement the features set out in the Addendum (for the CommBank app)
  • For any other purpose you consent to or opt in to, including sharing or enabling functionality with our business partners
  • For any other purpose set out in our Privacy Policy

If you don’t provide or allow us to collect your information, or the information you give us is inaccurate or incomplete, we may not be able to give you access to our platforms or their full functionality, or access to other products and services we may offer you from time to time.

Make sure:

  • The information you give us is accurate, up to date and complete
  • You let us know as soon as possible if you’ve changed any of your personal details

Back to top

6. Who we share your information with

The information we hold about you may be shared between members of the Group for the purposes set out in this notice. The information may also be shared with other third parties to help us deliver our products and services or as required by law, including:

  • Brokers, advisors and people who act on your behalf
  • Our service providers so they can provide you with the services which form part of our platforms, for security and risk mitigation and to generate insights (as set out in section 4)
  • Third party business partners so they can market or link our products with their own, and generate insights, or share de-identified insights, as set out in section 4 above
  • Government and law enforcement agencies, regulators or trusted third parties for security and fraud protection
  • Third parties in connection with a sale or transfer of assets or other corporate transactions

Third parties you consent to (e.g. if you ask us to disclose your information to a third party as part of the Consumer Data Right or Open Banking)

Sometimes, we may send your information overseas, including to:

  • Overseas businesses that are part of the Group
  • Service providers or third parties who store data or operate outside Australia
  • Complete a transaction, such as an International Money Transfer
  • Comply with laws, and assist government or law enforcement agencies

You can find out which countries your information may be sent to, see our security country list (PDF).

Back to top

7. Our Privacy Policy and how to contact us

Go to commbank.com.au/privacy for our Privacy Policy or ask for a copy at any branch. It tells you:

  • How to access your information and correct it if it's wrong
  • How to update your preferences about how we contact you or ask not to receive direct marketing
  • How to make a privacy-related complaint (including about our compliance with the Australian Privacy Principles) and how we'll deal with it
  • If you live in Europe, information on how we process any personal data you provide us that’s covered by the European Union's General Data Protection Regulation (GDPR) and your rights under the GDPR described in Appendix 1 of our Privacy Policy.

Sometimes we update our Privacy Policy.

You can contact us anytime or if you need to talk to us about our privacy practices by:

Email:               customerrelations@cba.com.au

Phone:              1800 805 605

Mail:                 CBA Group Customer Relations, Reply Paid 41, Sydney, NSW, 2001

Back to top

Addendum: Use of additional information for the purposes of the CommBank app

When you use or access the CommBank app, in addition to the information and purposes set out above, we may collect, use and share additional types of information about you including:

  • Collecting your device's location, if you’ve consented, which we may use to send you personalised content, including pointing you to the nearest ATM or branch
  • Collecting other information, including authorisations and device inputs to implement additional features available through the software and hardware features of your device, e.g. voice control, tap and pay or Apple Pay
  • Collecting and recording loyalty card information for any loyalty schemes you may be a member of, if you provide this information to us
  • Collecting and disclosing information with your consent to enable you to connect with or use tools or applications from third parties, e.g. Klarna

We may also ask for your consent to enable the CommBank app to use certain features or information contained on your device, including:

  • Device features which use biometric information (such as your fingerprint or facial ID) to authenticate you
  • Other information stored on your phone, such as your contacts, which we use to display your address book when making a payment

If you enable these features, this information will still remain on your device. We don’t collect or store this information in the CommBank app.

Back to top