At Beyond Bank, we take your privacy very seriously.
We understand the importance of protecting your privacy and are committed to the Privacy Act 1988 (Commonwealth) and the Australian Privacy Principles.
We only collect, use or store your personal information in accordance with the requirements of privacy laws, and our policies and procedures.
Read our Privacy Policy to find out more about our privacy and information handling practices. Our Privacy Policy explains what personal information we may collect and for what purposes we may collect it. It also describes how we collect, use and store your personal information and to whom your personal information may be disclosed to.
Privacy Policy.
Current as at 3 June 2024.
1. Key types of information
Certain words have special meanings when used in this Privacy Policy. These are shown below.
"Personal information" means information or an opinion about you, (if you are an individual), where you can be identified, or can reasonably be identified, from that information. Although we try to make sure that all information we hold about you is accurate, "personal information" also includes any inaccurate information about you.
“Biometrics” means a biological measure or physical characteristic that can be used to identify an individual. For example, fingerprint, voice or facial recognition.
"Credit eligibility information" means information that has been obtained from a credit reporting body, or that has been derived from that information, that is about your credit worthiness (if you are an individual).
"Credit information" means personal information that includes the following:
- information, such as your name, age and address, that we may use to identify you;
- information about your current or terminated consumer credit accounts including repayment history;
- financial hardship information about you;
- the type and amount of credit you have applied for in any previous consumer or commercial credit applications to any credit provider (eg bank or non-bank lender), where that credit provider has requested information;
- information about you from a credit reporting body;
- information about any consumer credit payments overdue for at least 60 days where the overdue amount is $150 or more and collection action has started;
- advice that payments that were previously notified to a credit reporting body as overdue are no longer overdue;
- information about new credit arrangements you may have made with a credit provider, in relation to consumer credit currently or previously held, to deal with any of your defaults or serious credit infringements;
- information about court judgments which relate to credit that you have obtained or applied for;
- information about you on the National Personal Insolvency Index;
- publicly available information about your credit worthiness; and
- an opinion of a credit provider that you have committed a serious credit infringement of credit provided by that credit provider.
We may not hold all of this type of information about you. However, if we hold any of this type of information, it is protected as "credit information" under the Privacy Act.
"Credit-related information" means credit information, credit eligibility information and related information.
2. Collection
We will only collect your personal information (including credit information) directly from you, unless you have provided your consent for us to obtain the information from another source. We may collect personal information from you by various means including in-person, by telephone, using video conferencing, by email, through our website and mobile app, other electronic means (e.g. biometrics) and letter.
We will only ask for personal information relevant to our business relationship with you. When you first apply to become a customer, or apply for one of our products or services, we may request:
- information such as your name, address, date of birth and contact details so we can identify and contact you;
- your tax residency status, your tax file number (TFN and/or taxpayer identification number (TIN);
- biometrics including facial and voice biometrics;
- for credit products (eg credit card, loan), information about your financial position such as your income, savings, expenses, assets and liabilities, employment details, and any (other) credit arrangements; and
- your reasons for applying for a product or service.
We may also need to collect personal information (including credit-related information) about you from third parties. For example, when assessing an application for credit from you, we may collect personal information from your employer, other credit providers and third party service providers including credit reporting bodies. Credit reporting bodies collect credit information about individuals which they provide as credit reports to credit providers and others in the credit industry to assist them in managing credit risk, collecting debts and other activities. You can ask a credit reporting body, through contact details on their website, not to use or disclose your personal information if you believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud.
Some information is created through our internal processes, for example, credit eligibility scoring information.
If you do not provide us with the personal information that we request, we may not be able to consider your application for credit or provide other products and services.
3. Laws under which we are required to collect your personal information
There are laws that require us to obtain personal information about you before we provide you with particular products or services or process particular transactions in which you are involved, including:
The Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No 1) (Cth) requires that we collect certain information from you prior to admitting you as a customer. For example, if you are opening a membership as an individual, we are required to collect your full name, date of birth and current residential address. We are also required to verify this information using a reliable and independent source. Different information is required to be collected and verified if you are opening a membership in a capacity other than as an individual (eg a company).
The National Consumer Credit Protection Act 2009 (Cth) requires that we collect personal information from you when you are applying for credit from us. We are required to collect the information about your credit requirements, objectives and financial situation. We are also required to collect the necessary information to verify your financial situation, which includes verifying your income and employment details.
Other laws may include those relating to taxation and real property transactions.
4. Use
We may use your personal information (including credit-related information) for the purpose of providing products and services to you and managing our business. This may vary depending on which products and services you have applied for and which member of the Group you are dealing with. This may include:
- assessing and processing your application for our products and services;
- executing your instructions;
- fees and charging;
- ongoing servicing of our relationship with you including identifying you;
- uses required or authorised by law;
- protecting you and us from error or fraud;
- research and development;
- collecting overdue payments due under our credit products;
- managing our rights and obligations regarding external payment systems;
- direct marketing;
- establishing, maintaining and providing our systems and processes to provide our products and services to you.
We do not use or disclose your personal information (including credit-related information) for a purpose other than one:
- set out in this Privacy Policy;
- you would reasonably expect;
- required or permitted by law; or
- otherwise disclosed to you to which you have consented.
5. Disclosure
We may disclose your personal information (including credit-related information) to other organisations that provide services that assist us in supplying or administering the products and services we offer.
Organisations to which we will usually disclose your personal information include:
- our related companies;
- external organisations that are our assignees, agents or contractors;
- external service providers to us, such as:
- those we use to verify your identity;
- those we use to provide you with our products and services, including those for whom we act as an agent;
- administration service platforms;
- fund managers;
- payment systems operators;
- information technology service providers;
- printing and mailing houses;
- fraud prevention service providers; and
- research consultants;
- our professional advisors, such as accountants, lawyers and auditors; and
- your representative, for example, lawyer, conveyancer, mortgage broker, financial advisor, accountant, stockbroker or attorney, as authorised by you.
Organisations to which we may disclose your personal information include:
- insurers and re-insurers, where insurance is provided in connection with our services to you;
- superannuation funds, where superannuation services are provided to you;
- loyalty and affinity program partners;
- those involved in a transfer of all or part of our assets or business;
- other financial institutions, for example, if you ask us to process a payment or funds transfer to an account at another financial institution;
- credit reporting bodies, including disclosing that you are in default under a credit agreement or commit a serious credit infringement, if that is the case;
- lenders' mortgage insurers, where relevant to credit we have provided;
- debt collecting agencies, if you have not repaid a loan as required;
- state or territory authorities, or PEXA (the national electronic property exchange), that give assistance to facilitate the provision of home loans to individuals;
- certain entities that have bought or otherwise obtained an interest in your credit product, or that are considering doing so, and their professional advisors;
- if required or authorised by law, government and regulatory authorities (eg the Australian Taxation Office, the Courts under subpoena, our auditors, and regulators such as APRA, ASIC and AUSTRAC); and
- other organisations for which you have provided your consent.
We may also disclose your information:
- if in the public interest to do so (eg if a crime, fraud, or misdeed is committed or is suspected, disclosure to a law enforcement body may be justified); or
- if in our interest to do so (eg disclosure to a Court in the event of legal action to which we are a party).
However, we will never sell any of your personal information to any other organisation.
We will take reasonable steps to ensure that these organisations are bound by sufficient confidentiality and privacy obligations with respect to the protection of your personal information.
Your consent to a third party obtaining or accessing information may be implied from:
- your use of any service or application which a third party provides to you, or makes available to you, which involves the third party obtaining or accessing personal information held by us or organisations like us, or
- you doing anything else which enables the third party to obtain access to the information.
5.1. Disclosure outside of Australia
We may disclose your personal information overseas if you choose to make an international transfer. The countries to which we may disclose your personal information are those to which you make a transfer. However, if we do disclose this information outside Australia, we will do so on the basis that the information will only be used for the purposes set out in this Privacy Policy.
From time to time we may use service providers or other third parties which operate or hold data outside of Australia. This may result in your personal information being stored overseas. These parties are selected specifically to assist in enabling us to provide products or services to you, in particular information technology solutions. At present our arrangements include providers based in the United States of America and the Netherlands¹. Where this occurs we ensure that appropriate data handling and security arrangements are in place to protect your data.
5.2. The Consumer Data Right (CDR)
The CDR gives you the right to:
- access some of the data (including personal information) held about you by us and by other data holders (‘CDR Data’).
- consent to an accredited third party accessing your CDR data held by us; and
- consent to an accredited third party accessing your CDR data held by another data holder.
6. Sensitive Information.
We have a policy about our management of CDR Data. It is available through our website, internet banking and mobile app. You can also obtain an electronic or hard copy from us on request.
Where it is necessary to do so, we may collect personal information about you that is sensitive. Sensitive information includes information about an individual's health, biometric information and membership of a professional or trade association.
Unless we are required or permitted by law to collect that information, we will obtain your consent.
7. Refusal of credit applications
We may refuse an application for consumer credit made by you on your own or with other applicants. Our refusal may be based on credit eligibility information obtained from a credit reporting body about you, another applicant or another person proposed as guarantor. In that case, we will give you written notice that the application has been refused on the basis of that information. We will tell you the name and contact details of the relevant credit reporting body and other relevant information.
8. Security
We take all reasonable steps to ensure that your personal information (including credit-related information), collected through our website or otherwise and subsequently held by us, is protected from:
- misuse, interference and loss; and
- unauthorised access, disclosure or modification.
Your personal information may be held by us in paper or electronic form. All personal information is stored within secure systems which are in controlled facilities. There are restrictions on who may access personal information and for what purposes. Our employees, contractors, service providers and authorised agents are obliged to respect the confidentiality of personal information held by us.
If we suspect or believe that there has been any unauthorised access to, disclosure of, or loss of, personal information held by us, we will promptly investigate the matter and take appropriate action, and we will comply with any obligations in relation to notifiable data breaches that are in force under the Privacy Act.
We ask you to keep your passwords and PINs confidential, and secure. To keep the personal information that we hold about you secure, you should never provide or disclose any of your passwords or Personal Identification Numbers (PINs) to any third party, this will enable access by them to your personal information. If you do, you may breach the ePayments Code and the terms and conditions applying to products and services we provide to you and you may be liable for any unauthorised transactions that subsequently occur.
When we no longer require your personal information (including when we are no longer required by law to keep records relating to you), we take reasonable steps to ensure it is destroyed or de-identified.
9. Digital
This section explains how we handle personal information and credit information collected from our digital channels. If you have any questions or concerns about transmitting your personal information via the internet, you may contact our Privacy Officer (whose details are in paragraph 15 of this Privacy Policy) as there are other ways for you to provide us with your personal information.
9.1. Cookies
When you browse our website or mobile app services you will do so anonymously. Personal information, such as your name, address, telephone number or email address, is not collected. We use ‘cookies’ to collect information about how our website is used. ‘Cookies’ give users a unique, random ID by storing small text files onto a user’s computer with their web browser. They enable a website to track a user’s activities.
You may change the settings on your browser to reject cookies. However, doing so might prevent you from accessing the secured pages of our website and those of other websites.
9.2. Information Collected
Our website and mobile app offer a number of interactive facilities including tools such as calculators, as well as online surveys, communication and application forms.
If you visit an unsecure area of the website (ie an area where you are not required to log on) to read, browse or download information, our system will record the date and time of your visit to our site, the pages viewed and any information downloaded. However, our systems will not record any personal information.
If you use any of the tools such as our calculators, we generally do not capture any personal information that you may enter when using these tools. However, we may aggregate this information to provide us with insights into how to provide better services to you.
Instances where we will retain your personal details:
- When a tool or application allows you to suspend or save your progress and retrieve the details at a later time, such as our Car Loan, Personal Loan and Home Loan applications. In this case the information is stored on our systems so that you may resume your application, or your application may be retrieved by us.
- When you use our live chat service on our website or mobile app, we will store the email address and phone number (if you have provided it) for a period of time to allow us to contact you outside of the live chat environment if you require us to do so.
- If you decide to complete an online application form or online survey, the information that you enter into the online form or survey will be collected by us once you submit your online application or survey to allow us to contact you about your application.
9.3. Email
When we receive emails, we will retain the content of the email and our response to you.
Your email address will only be used or disclosed for the purpose for which it was provided. It will not be added to any mailing lists or used for any other purpose without your consent.
Email itself is an unsecure medium. Therefore, when emailing us, you should be aware that, when transmitted, the data may be visible while in transit. When providing us personal information, secure options should be used such as our Secure Inbox within our Internet Banking service.
9.4. Mobile App
9.4.1. Our security practices
We are committed to providing safe mobile banking services. All use of our mobile banking application and transactions through the mobile app are encrypted. Encryption protects any personal information you send to us through our mobile banking service. Only authorised employees or agents of the Group can gain access to this information.
9.4.2. Notifications
Banking transaction and balance alerts can be established via our mobile banking app. These alerts can only be established by you and the secure detail of the alert can only be viewed when you are logged into mobile banking. Your mobile device will, however, receive push notifications from our systems through its operating system’s notification facility indicating to you that an alert has been produced and is ready to be viewed through mobile banking. These push notifications will not present personal information.
9.4.3. Location based services
We use your current location to determine the closest bank branch, ATM, access point or other services that we consider may be of benefit to you, when you allow us to do so via a setting on your mobile device. This information is only used while determining the standard bank services closest to you and we do not store this information.
9.5. Website Security
We use information security standards applicable to banking to establish secure connections with you and to limit access to databases containing personal information to authorised personnel only. When we capture your personal information it is passed through our secure server using encryption technology to ensure it is protected when transmitted over the internet. However, we cannot guarantee that any information transmitted via the internet by us, or you, is entirely secure. You use our website at your own risk.
9.6. Links on our website
Our website may contain links to third party websites. The terms of this Privacy Policy do not apply to external websites. If you wish to find out how any third party handles your personal information or credit information, you will need to obtain a copy of their privacy policy.
Where you access a third party website from our website, cookie information about your preferences or other information you have provided about yourself may be shared between us and the third party. You cannot be identified from the information that is shared. However, if you can be identified from this information, we will seek your consent before sharing such information.
9.7. Advertising and Tracking
We use an advertising company to deliver our online advertising where banner advertisements are placed on third party websites.
When you view our advertisements on a third party website, the advertising company uses 'cookies' to collect information such as:
- The server your computer is logged on to;
- Your browser type;
- Your device type;
- The date and time of your visit;
- The performance of their marketing efforts; and
- Any information or documentation that you download.
When you click on one of our advertisements that appears on another website, the advertising company will collect information on how you utilise our website (eg which pages of our website you view) and whether you complete an online application. In addition, we also use other service providers, known as tracking companies, to collect information on how you use our website.
These tracking companies also use cookies to collect information similar to that collected by the advertising company.
The advertising company and tracking companies use the information they collect to perform statistical analyses of aggregate user behaviour, but those analyses are not based on personal information. We use those analyses to measure advertising effectiveness and relative consumer interest in the various areas of our website. As a general rule, no personal information is collected by the companies in this process. If, however, any information is automatically collected, these companies are required under their arrangements with us to maintain the privacy and confidentiality of that personal information.
We may disclose the information collected by a company, in an aggregate form only, to third parties including advertisers or potential advertisers.
We utilise third party software to create heat maps of our website pages. Heat maps are aggregations of data regarding which parts of our website people view and what links they click on. This information can be used to optimise the information we provide via our website and how we link pages, with the aim of creating a better experience for visitors. The software does not collect personal information about you but does create a cookie that allows the software to detect whether you are a first time or return visitor.
10. Access
You may request access to the personal information (including credit-related information) that we hold about you at any time from our Privacy Officer whose details are in paragraph 15 of this Privacy Policy.
We will respond to your request for access within a reasonable time. If we refuse to give you access to any of your personal information, we will provide you with reasons for the refusal and the relevant provisions of the Privacy Act that we rely on to refuse access. You can contact our Privacy Officer if you would like to challenge our decision to refuse access.
We may recover the reasonable costs that we incur for responding to your request for access to your personal information.
11. Accuracy
We take reasonable steps to make sure that your personal information (including credit-related information) that we collect, use or disclose is accurate, complete and up-to-date. However, if you believe your information is incorrect, incomplete or not current, you can request that we update this information by advising one of our staff or contacting our Privacy Officer whose details are in paragraph 15 of this Privacy Policy.
12. Marketing
Where permitted by law, we may use your personal information, including your contact details, to provide you with information about our products and services, including those of third parties, and competitions or promotions which we consider may be of interest to you.
We may also provide your details to third party organisations with which we have arrangements for marketing products and services to our customers.
12.1. Opting Out
You may opt out at any time if you no longer wish to receive marketing information or do not wish to receive marketing information through a particular channel, such as email. In order to do so, simply contact us and let us know that you no longer want us to send you marketing materials or disclose your information to other organisations for marketing purposes. You can also 'unsubscribe' from our email marketing messages, which always include an unsubscribe option.
To help us reach the right people with direct marketing for our credit products or services, we may ask a credit reporting body to "pre-screen" a list of potential recipients of our direct marketing against our eligibility criteria to remove recipients who do not meet those criteria. The credit reporting body cannot use information about your existing loans or repayment history in carrying out its pre-screening and it must destroy its pre-screening assessment once it has given us, or a contractor acting on our behalf, the list of eligible recipients. If you do not want your credit information used for pre-screening by a credit reporting body that holds credit information about you, you can opt-out by informing that credit reporting body. The credit reporting bodies we use are Equifax Pty Ltd (https://www.equifax.com.au) and Illion Australia Pty Ltd (https://www.illion.com.au). The contact details for these bodies are available on their respective websites.
13. Changes to the Privacy Policy
We may make changes to this Privacy Policy from time to time (without notice to you) that are necessary for our business requirements or the law.
14. Questions and complaints
If you have any questions, concerns or complaints about this Privacy Policy, or our handling of your personal information (including credit-related information), please contact our Privacy Officer whose details are in paragraph 15 of this Privacy Policy. You can also contact the Privacy Officer if you believe that the privacy of your personal information has been compromised or is not adequately protected.
Once a complaint has been lodged, the Privacy Officer will respond to you as soon as possible. We will aim to deal with your complaint at the source of your complaint.
If you are still not satisfied, you can contact external bodies that deal with privacy complaints. These are the Australian Financial Complaints Authority, which is an independent external dispute resolution scheme, and the Office of the Australian Information Commissioner. Either of these bodies may forward your complaint to the other if it considers the complaint would be better handled by that other body.
- Office of the Australian Information Commissioner
Post: GPO Box 5218, Sydney NSW 2001
Telephone: 1300 363 992
Website: www.oaic.gov.au
- Australian Financial Complaints Authority
Post: GPO Box 3, Melbourne VIC 3001
Telephone: 1800 931 678
Website: www.afca.org.au

15. Privacy Officer
Our Privacy Officer's contact details are:
- Privacy Officer
Beyond Bank Australia
Post: GPO Box 1430 Adelaide SA 5001
Email: privacyofficer@beyondbank.com.au
In the first instance, all privacy queries or complaints are handled by our Customer Experience Manager.
- Customer Experience Manager
Beyond Bank Australia
Post: GPO Box 1430 Adelaide SA 5001
Telephone: 13 25 85
Web: www.beyondbank.com.au/help-and-contact/provide-feedback/
Please read this important information.
1 | Disclosure in this country is limited to disputed transactions and chargebacks relating to eftpos. |