Privacy and Credit Reporting Policy (Privacy Policy)

The types of personal information we collect and hold will depend on what business you do with us or the type of product or service you request from us. This personal information may include:

• important information about your identity – for example, your name, residential address, email address, telephone numbers, date of birth, marital status, gender and your employment and occupation details;
• information about your financial position, including your income, expenses, savings and assets;
• credit-related information as defined above, which includes information about your loan arrangements, repayments and credit worthiness;
• your tax file number (TFN) and tax residency status (or your country of taxation obligation and taxation identification number, where applicable);
• financial and transaction information, account or policy information and other information relating to products and services held;
• the reason that you might be applying for a particular product or service;
• records of contact and other correspondence with us, including any feedback, complaint or enquiries you have made;
• your responses to real time surveys or polls seeking feedback on our relationship with you (including to improve our service to you);
• lifestyle information;
• information regarding your personal insolvency or any court proceedings;
• your directorships, other office holdings or shareholdings and similar interests;
• when you visit any of our websites or use our digital banking facilities – your location, device and activity information, IP address and any third party sites you access. For more information about how this works, see the relevant website Terms;
• if you apply for employment with us, information relevant to assessing your application, including your qualifications, employment history, education, referees and health information;
• other information we think is necessary.

In limited circumstances, we may collect and hold sensitive information about you (for example, recordings of your voice or images of your face for identification and fraud prevention purposes; or information about your health when you make an application for hardship, when you apply for a life insurance product, or when you apply for employment with us). We only collect sensitive information from you if it is necessary in the circumstances and you have consented to that collection (unless we are permitted by law to collect that information).

Using government identifiers

If we collect government related identifiers, such as your TFN, we do not use or disclose this information unless required by law. We will never adopt a government related identifier as our own identifier for you

Information we didn’t ask for

If we receive your personal information without requesting it, we will decide whether or not we reasonably need this information to provide you with products and services. If so, we will treat the information in the same manner we treat all other personal information gathered about you. If not, we will destroy or de-identify the information.

Updating your personal information

It is important to us that the personal information we hold about you is accurate and up to date. We will generally rely on you to assist us by informing us if the information we hold about you is inaccurate or incomplete.

Wherever possible, we collect your personal information directly from you. For example, we will collect your personal information:

• when you submit an application (or other form) to us or provide us with supporting documents or otherwise apply for products or services offered or distributed by us;
• when you deal with us (including when you make an enquiry or complaint);
• when you visit our website; and
• when you enter into a competition we are running or when we sponsor you or an event you are involved with.

We may also collect your personal information when you use our products and services (for example, when you use your account with us to make transactions or repayments).

In some circumstances, we may need to obtain personal information about you from others or publicly available sources. For example, we may collect information about you from:

• our related companies;
• current and/or previous employers (for example, to confirm your employment and income details);
• other credit providers;
• other people associated with your account e.g. coborrower, joint account holder, guarantor;
• the borrower if you are a guarantor or an additional card holder;
• the account holder if you are an additional card holder;
• publicly available sources of information, such as public registers, social media, LinkedIn and other online networks or platforms;
• your representatives (for example, your legal advisor, accountant, financial advisor, executor, administrator, guardian, trustee, or attorney);
• any referees you provide;
• other organisations who, jointly with us, provide products or services to you (including persons who we arrange or distribute products on behalf of);
• our service providers, such as credit reporting bodies, and companies that provide fraud prevention reports or provide identity verification services; and
• any other person (for example, a spouse or other relative) who holds personal information that we need to provide a product or service to you, and it is otherwise unreasonable or impractical to obtain that information directly from you.

We may also collect information about you by creating insights and other information about you when analysing information we already hold.

Where you apply for employment with us, we may collect personal information about you from your application and in the course of our recruitment process. In these circumstances, we may also need to collect information about you from third parties, including current and previous employers, nominated referees, educational institutions and when undertaking background checks.

We collect, hold, use and share your personal information so that we can provide products and services to you, and manage or administer our business and our relationship with you. For example, we may collect, hold, use and share your personal information so we can:

• confirm your identity;
• undertake due diligence in relation to you (for example, your tax and employment status) or any security;
• provide you with information about our products and services;
• consider your or a borrower’s request for products and services (including to assess your eligibility for a product or service, or to act as a guarantor, signatory, representative or additional card holder);
• process your requests and instructions in relation to products or services;
• derive scores, ratings and evaluations relating to your credit worthiness which we use in our decision-making processes and suitability assessments if you apply for credit;
• carry out your instructions;
• establish, provide and administer the products and services we provide to you;
• process payments and invoices, and collect overdue payments;
• contact you and manage our relationship with you (including dealing with any complaints or enquiries you have made), and improve our service;
• discuss with you (or, where the law allows, a relevant third party such as a relative or carer) any unusual behaviour in relation to your account with us;
• manage our business (for example, to conduct market research, to manage and develop our business systems and infrastructure, and to manage our rights and obligations with third parties)
• tell you about other products or services that may be of interest to you (unless you tell us not to) or run competitions and sponsorship programs;
• consider hardship requests;
• minimise risks and identify illegal activities (such as fraud, money laundering or terrorism financing and other misconduct)
• undertake debt recovery and enforcement activities and deal with serious credit infringements as well as assisting other credit providers to do the same;
• manage legal action you or we are taking;
• develop and plan new products and services, conduct research and analytics, and carry out any internal audits;
• administer and manage any arrangements or dealings you have with us; and
• comply with our obligations under laws, regulations and codes, and assist government or law enforcement agencies. For example, various Australian laws may require or authorise us to obtain information about you, such as:
  1. the Anti-Money Laundering and CounterTerrorism Financing Act and other anti-money laundering legislation (for example, for identity verification and employee due diligence);
  2. the National Consumer Credit Protection Act 2009 (Cth);
  3. the Personal Property Securities Act 2009 (Cth) (for example, if relevant, for search and registration purposes); and
  4. the Taxation Administration Act 1953 (Cth), the Income Tax Assessment Act 1936 and 1997 (Cth) and other taxation laws and regulations.

Where you apply for employment with us, we may collect, hold, use and share your personal information so that we can assess your application and determine your suitability for any position. This includes verifying your identity, confirming your employment and income details, qualifications, education, training and professional memberships and health information you may provide and arranging for criminal record checks to be conducted.

If your application is unsuccessful or you do not proceed with any position with us, the personal information you provide to us may be retained for future reference should any suitable roles arise. You can opt out of this at any time by telling us.

We may also use or share your information for other reasons where the law allows or requires us to do so (for example, a court, tribunal or external dispute resolution ruling or rule), or for any other purpose you have consented to.

Marketing

From time to time, we may use your personal information to tell you about products or services (including those of third parties) that we think you might be interested in. We will do this unless you ask us not to.

We may contact you by mail, email, telephone, SMS, or any other online, digital or electronic means. We might also provide your details to other organisations for marketing purposes.

If you are a customer with Newcastle Permanent or Greater Bank, and you no longer wish to receive marketing information from that brand you can:

• click the “Unsubscribe” link in our email marketing messages (which will always include this link); or
• contact Newcastle Permanent or Greater Bank using the details set out in section 9

If you do not provide us with your personal information, we may be unable to:

• provide you with the products or services;
• assist or deal with you;
• administer and manage our products or services, or our relationship with you; or
• consider your application for employment with us.

We may freeze your access to a particular product or service, and cancel that product or service, if you do not provide us with information that we reasonably request and need to provide you with that product or service.

If you have a question of a general nature for example, where you make general inquiries about interest rates or current promotional offers, you can choose to do this anonymously or by using a pseudonym – however, we might not always be able to interact with you in this way as there are laws that require us to know who we’re dealing with.

Where permitted under the Privacy Act 1988 (Cth), we may share your personal information with third parties, such as:

• our related companies, assignees, agents, contractors and external advisors (including our accountants, tax advisors, auditors and lawyers);
• your agents, representatives or anyone who acts on your behalf (including your legal adviser, mortgage broker, financial adviser, accountant, parent, guardian, trustee, or referee);
• any person who makes a joint application for a product or service with you;
• any additional card holders, joint account holders or authorised persons;
• businesses and other persons who provide services to us (for example, organisations we use to verify your identity, organisations that assist with research and analytics, payment system operators, payment network operators, organisations that produce cards, cheque books or statements for us, information technology service providers, information technology shared service providers, valuers, quantity surveyors, real estate (including managing) agents and mailing houses);
• other organisations that we arrange or distribute products for or who have referral arrangements in place with us;
• organisations and persons involved in surveying or registering security property or who have an interest in security property;
• your and our insurers or re-insurers, where the insurance is in connection with a product or service we provide to you;
• your current and prospective co-borrowers, guarantors, co guarantors or security providers;
• the borrower if you are a guarantor;
• your current and/or previous employers (for example, if we need to confirm your employment), or any other person we need to verify your information with;
• credit reporting bodies (including so that your personal information can be included in your credit report and shared with other credit providers that participate in the credit reporting system);
• other credit providers, banks, financial institutions, superannuation funds, and fund managers;
• other organisations, who jointly with us, provide products or services to you;
• debt collection agencies;
• fraud reporting agencies;
• national, state or territory authorities that give assistance to facilitate the provision of our products and services to you;
• any registers that relate to the services we provide (for example, the Personal Property Securities Register);
• entities that help identify and investigate inappropriate or illegal activity, such as fraud;
• statutory authorities (such as the Reserve Bank of Australia), government departments and agencies, external dispute resolution services, any court and law enforcement agencies or regulators;
• entities that obtain an interest in your credit product (or are considering doing so) or that might otherwise be involved in a securitisation and their professional advisors (including investors, trustees, security trustees, managers, lenders’ mortgage insurers and rating agencies);
• accredited data recipients, in line with our Consumer Data Right (CDR) Policy;
• any other person (such as a relative, guardian, agent, person appointed to manage your affairs or a carer) if we believe that disclosure is necessary to protect us or you, or is otherwise in your interest.

If you have applied for employment with us, we may share your personal details with third parties, including your current or previous employers, nominated referees, organizations that conduct criminal history and background checks, identity verification service providers and third parties involved in, or who assist us with, the recruitment process.

In some circumstances, we may require your consent before being able to share your personal information.

We will take appropriate steps to ensure that organisations we share information with protect your personal information.

Overseas disclosure

Sometimes we need to share your information with overseas organisations which may be located in the countries listed at ngmgroup.com.au/privacy.

You can also obtain a list by contacting us.

When you apply to us for credit or choose to be a guarantor, we may obtain a credit report about you from a credit reporting body. A credit report tells us about your credit history and other credit-related information collected, which we use to assess your creditworthiness.

When we request a credit report about you, the request is recorded in your credit report, and may be used by a credit reporting body to calculate a credit score, to be disclosed to other lenders and to assess your credit worthiness.

When we request a credit report, this may negatively impact your credit worthiness, rating or score.

We may use your credit report to verify your identity, assess applications for credit, assess the suitability of a proposed guarantor for a credit contract, assist in the avoidance of a credit default and the collection of overdue payments and assist with the internal management of credit and pre-screening.

The law limits what information we can give to credit reporting bodies, what they can give to us, and how we can use credit reports. Under law, we do not need your consent to disclose your personal information to a credit reporting body for the purposes of obtaining your credit report.

When you receive credit from us, we share information with a credit reporting body, on an ongoing basis. This information includes:

• your identity;
• the type and amount of credit you have or have applied for – such as credit cards, home loans, or personal loans;
• your credit limit;
• the date your account was opened and/or closed
• your repayment history, including any missed repayments or defaults
• information about any financial hardship arrangement; and
• if you’ve defaulted, committed fraud or another serious credit infringement.

Credit reporting bodies include this information in their reports to assist other credit providers to assess your credit worthiness. If you would like more information on how credit reporting works in Australia visit the Credit Smart website www.creditsmart.org.au

We can also ask credit reporting bodies to give us your overall credit score, and may use credit-related information from credit reporting bodies together with other information to arrive at our own scoring of your ability to manage credit.

The credit reporting bodies we may deal with are:

• Equifax Pty Ltd
  www.equifax.com.au 13 83 32
• Illion Australia Pty Ltd (formerly Dun & Bradstreet)
  www.illion.com.au 1300 734 806
• Experian Australia Credit Services Pty Ltd
  www.experian.com.au 1300 784 134

You can obtain their privacy policies on their websites.

Direct marketing using your credit-related information

From time to time, we may ask credit reporting bodies to use your credit-related information to pre-screen you for direct marketing purposes (for example, to determine your eligibility for certain credit products). You can ask a credit reporting body not to use or give your credit-related information in this way. To do so just contact the credit reporting body using the contact details noted on their websites above.

What if you think you are a victim of fraud?

If you believe on reasonable grounds that you have been or are likely to be a victim of fraud (including identity fraud), you can ask a credit reporting body not to use or give your credit-related information to anyone for a 21 day period (unless the use or disclosure is required by law). This is known as the initial ban period. It’s a good idea to make requests to each credit reporting body, as you may have a credit report with more than one credit reporting body.

At least 5 business days before the end of the initial ban period, the credit reporting body will get in touch to inform you that you can extend the ban period and explain what information you need to provide to support your allegation of fraud. If you do not make a request to extend the ban period, or the credit reporting body does not believe on reasonable grounds that you have been or are likely to be a victim of fraud, the ban period will end at the end of the ban period.

If you make a request to extend the ban period, and the credit reporting body believes on reasonable grounds that you have or are likely to be a victim of fraud, the credit reporting body must extend the ban period by a period that it considers reasonable in the circumstances and provide you with notice of the extension. The same process will apply for each subsequent ban period.

We or third party service providers on our behalf may store your personal information (including if you have applied for employment with us, information collected during the application and recruitment process in accordance with this policy) in hard copy, digital or electronic records. The security of your personal information is important, and we take reasonable steps to ensure that all your personal information is protected from misuse, loss, unauthorised access, modification, or disclosure. Some of the ways we do this are by:

• imposing confidentiality requirements on staff, service providers and other people we deal with;
• training staff on privacy and information security;
• imposing security requirements on document storage and retention;
• monitoring online security systems;
• imposing security measures to control access to premises and systems, such as locks, passwords and permission restrictions;
• using electronic security such as firewalls, data encryption and anti-virus software; and
• if you have applied for employment with us – ensuring your personal information is only accessed by persons (including third parties) involved in, or who assist us with, the recruitment process.

Any personal information that we transmit through our website and internet banking site is encrypted. However, like all internet communications, we cannot guarantee that information transmitted online is secure. To help protect your privacy, you should ensure that you keep your passwords and personal identification numbers safe, in accordance with the terms and conditions that apply to the account. You must contact us as soon as practicable if your passwords and personal identification numbers are subject to unauthorised access, disclosure or loss.

If we no longer require your personal information (for example, we no longer need your information for business or legal reasons), we will take reasonable steps to ensure that this personal information is permanently de-identified or destroyed.

How to access your personal information

You have the right to request access to personal information that we hold about you at any time, by contacting us using the details set out further below. We will need to confirm your identity and may ask you to fill out a request form.

We may be able to respond to your request immediately, but for more complex cases, it may take us up to 30 days to respond.

Where you request access to your credit-related information that we have received from credit reporting bodies, we will:

• usually provide you access to the information within
  30 days; and
• ask you to check with credit reporting bodies what
  information they hold about you (in order to ensure
  that you have access to the most up-to-date
  information).

We don’t charge you for asking us for your personal information. However, we may charge you a fee to cover our costs of finding and putting together the material if we give you access – but we’ll let you know how much it is likely to be in advance.

If we refuse to give you access to your personal information, for example because we no longer hold the information, access to the information would unreasonably impact on some else’s privacy, the request is unreasonable or for legal reasons, we will tell you why in writing and provide you with information about how you can complain about the refusal. You can contact our Privacy Officer (see contact details set out below) if you have any further concerns.

How to correct your personal information

If you believe that personal information we hold about you is inaccurate, incomplete or out-of-date, you have the right to ask us to correct or update the information. You can do this by contacting us using the details set out further below and there is no charge for these requests.

If you’re concerned that we have given incorrect personal information to others, you can ask us to let them know about this correction – we’ll let you know in writing if we are unable to help.

If the incorrect information was given to us by a credit reporting body (or based on that information), we may need to check with the credit reporting body or the credit provider. We’ll aim to help you correct your information within 30 days – however, if we can’t help you within that timeframe, we’ll ask you for extra time and will explain why it’s taking longer.

If we don’t think the personal information we have about you is incorrect, we’ll explain why we think this in writing and provide you with information about how you can complain. We will notify you of the outcome of a request to correct credit-related information within 5 business days of making our decision.

We’re committed to doing the right thing by our customers. If you have any questions or concerns with regard to our handling of your personal information, let us know and we’ll try to fix it.

How you can make a complaint

If you’re concerned with our handling of your personal information (including credit-related information) or believe we have breached the Australian Privacy Principles, Division 3 of Part IIIA of the Privacy Act 1988 (Cth) or the Privacy (Credit Reporting) Code 2014, you can make a complaint and we’ll look in to it. You can raise your concerns or complaint through any of the below contact methods.

How to contact us

Greater Bank

Newcastle Permanent

What can you expect after you make a complaint?

NGM Group aims to resolve complaints on the spot wherever we can. If we can’t provide a resolution on first contact, we’ll acknowledge your complaint has been lodged (generally within 1 business day), and provide you with a reference number and details of how to contact us about your complaint.

If we can’t resolve on the spot, we aim to resolve complaints within 5 business days. If we need more time to resolve your complaint, we may need to refer your complaint to our Customer Relations team for further investigation. During the assessment and investigation of your complaint a Customer Relations Specialist will keep you updated on the progress and work to find a fair solution.

If we are unable to resolve your complaint within 30 days, we will advise you of the reasons for the delay and the expected timeframe for an outcome to your complaint. We will continue to keep you updated on the progress of your complaint and provide you with contact details for the Australian Financial Complaints Authority (AFCA).

What happens if you’re still not satisfied?

If you are not satisfied with our response or how we have handled your complaint, you can contact the Australian Financial Complaints Authority (AFCA) or the Office of the Australian Information Commissioner (OAIC).

AFCA

AFCA provides fair and independent financial services complaint resolution that is free to consumers

OAIC

The OAIC acts as an impartial third party when investigating and resolving a complaint in relation to privacy

Sometimes we need to share your information with overseas organisations which may be located in the following countries:

• Canada
• China
• Denmark
• Germany
• India
• Ireland
• Japan
• Netherlands
• New Zealand
• Philippines
• Singapore
• Thailand
• United Kingdom
• United States

Note, it may not be reasonably practicable to list every country in which such recipients are located.