About this policy
Use and disclosure
Disclosure to overseas recipients
Access and correction
Opting out of product promotions
Storage and security of your personal information
Changes to this policy
Privacy queries or complaints
European Union General Data Protection Regulation (GDPR)
This document sets out how the Bendigo and Adelaide Bank Group safeguards your privacy.
In this document, the Bendigo and Adelaide Bank Group (‘we’, ‘our’ or ‘us’) includes all or any of the following:
- Bendigo and Adelaide Bank Limited, including its divisions Adelaide Bank, Bendigo Bank, Rural Bank and Australian Crop Forecasters
- Bendigo and Adelaide Bank Limited subsidiary companies, including Sandhurst Trustees, Leveraged Equities, National Mortgage Market Corporation, Profarmer, Ferocia, Up Money and Bendigo Superannuation
- Alliance Bank®
- Bendigo Bank agencies
- Bendigo Bank franchises (including Community Bank branches)
- Community Enterprise Foundation™
- University Community Bank
Information about how we handle your credit related information is contained in our Credit Reporting Policy.
We recognise the importance of protecting your privacy and are committed to ensuring the continued integrity and security of the personal information you entrust to us.
We appreciate that the success of our business is largely dependent upon a relationship of trust being established and maintained with past, current and prospective customers, shareholders and other individuals with whom we conduct business. We will therefore continue to collect and manage your personal information with a high degree of diligence and care.
Our aim is to comply at all times with the privacy laws (incorporating the Australian Privacy Principles) that apply to us. If you have a comment, query or complaint regarding a privacy matter, we encourage you to discuss it with us.
We usually collect personal information directly from you. Sometimes we collect or confirm this information from a third party. We will use reasonable efforts to obtain your consent prior to contacting a third party for this purpose.
We collect personal information that includes details such as your:
- Identity information (Name, Date of Birth)
- Contact information (such as phone numbers, address, and e-mail addresses)
- Financial information such as information about your use of financial products and services which you acquire from or through us
In some cases, we collect sensitive information about you such as:
- health related information that is relevant to the services we are providing to you or that you have applied for; or
- biometric information we collect and use for the purpose of verifying your identity.
We will first seek your consent to collect such information where we are required to do so.
As part of our business operations we also collect personal information from other individuals such as shareholders and suppliers.
We may collect personal information from you because we are required or authorised by an Australian law or court/tribunal order to collect that information. We will tell you if collection is required or authorised by law and provide you with details of the law, court or tribunal order. Examples include:
- Anti-Money Laundering and Counter-Terrorism Financing laws;
- The National Consumer Credit Protection Act 2009 (Cth); and
- The Income Tax Assessment Act 1936 (Cth).
We may collect personal information about you from commercially available third party databases.
When you visit our websites, or use our apps or other web-based content and services (“Websites”), either we or our service provider will collect information, which may include your personal information, including:
- Information about the devices you use to access our services including the device type, operating systems, browsers, application settings and location information;
- Information about the way you use your devices when accessing our services, such as the pages you visit, how you hold your device, scrolling, swiping or clicking activity, mouse movements and typing speed which we may collect and process to generate a ‘digital profile’ specific to you that we can use to help identify unusual or fraudulent behaviour; and
- Information about the applications and software installed on your devices, to help identify applications and software that are commonly used by criminals to take control of devices and commit fraud, such as bots, malware and remote access threats applications.
You are the first line of defence against falling victim to scams and fraud. Be security conscious and diligent when sharing personal information and transacting on your accounts.
Our fraud controls, security tools and collection and use of biometric and behavioural information are not an effective substitute for the personal precautions and measures you should take yourself and we do not warrant that they will identify, prevent or reduce all fraud or security risks. You can find measures that you can apply to avoid scams and fraud at www.bendigobank.com.au/blog/personal/10-tips-to-protect-yourself-from-scams/
We use your personal information in order to:
- Provide you with financial products and services (including situations where we are an agent for another product issuer);
- Assist you with your queries or concerns;
- Comply with any legal or regulatory obligations imposed on us;
- Perform our necessary business functions (such as internal audit investigations, performance reporting, research, product development and planning, assessing credit applications for new or existing loans and managing your credit accounts);
- Manage our share registry; and
- Identify and prevent fraud, scams and other unauthorised activity. This can include using your ‘digital profile’ and other behavioural information we collect to identify unusual or suspicious activity.
To do this, we may disclose your personal information to organisations that carry out functions on our behalf. This may include for example mailing and printing houses, cheque and electronic transaction processors, information technology service providers, fraud detection and prevention providers, professional advisers, valuers, introducers and debt collection agencies. Our agreements with these entities ensure this information is only used to carry out functions on our behalf.
We may also disclose your personal information to regulators and government authorities as required by law.
Depending upon the type of product you have requested, we may also disclose your personal information to account holders and operators, guarantors, credit reporting bodies, the trustee or manager of a superannuation fund and insurance companies.
In the case of shareholders, personal information is disclosed to our share registry service provider.
We may also disclose your personal information to an individual or an organisation (a ‘third party’) if:
- You direct us to do so;
- You consent to the third party obtaining the information from us; or
- You consent to the third party accessing the information on our systems, and/or do anything which enables the third party to obtain access.
Your consent to a third party obtaining or accessing information may be implied from:
- Your use of any service or application which a third party provides to you, or makes available to you, which involves the third party obtaining or accessing personal information held by us or organisations like us; or
- You doing anything else which enables the third party to obtain access to the information.
You should never provide or disclose any of your pass codes to any third party to enable the third party to obtain or access your personal information. If you do, you may breach the terms and conditions applying to the products and services we provide to you and you may be liable for any unauthorised transactions that subsequently occur. Pass codes include PINs, internet and telephone banking passwords, and codes generated by security tokens.
We may also use your personal information to tell you about other financial products and services we think you may be interested in. This may include products and services offered or distributed by us or the companies with which we are associated. You can opt out of receiving this information at any time (see below Opting out of product promotions). We do not sell your personal information to third parties.
We provide services to a number of business partners and their customers. In order to provide these services, personal information may be used and exchanged. The personal information of these customers is given the same level of protection and treated in the same way as for our customers.
In some cases we may need to share some of your information with organisations outside Australia. For example, when we use service providers located overseas to perform a function on our behalf.
We may share your information with overseas organisations that are located in the following countries:
- The Netherlands
- New Zealand
When we share your information with organisations overseas we ensure appropriate data handling and security measures are in place.
In most cases you can access your personal information held by us. If you believe that personal information we hold about you is inaccurate, out of date or incomplete, you should contact us (see Contacting us below).
We will promptly update your personal information that is inaccurate, out of date or incomplete. In some cases we may request you provide us with supporting documentation to amend the personal information we hold about you.
If we do not agree that your information is inaccurate, out of date or incomplete, we will give you a written notice including the reasons why we do not agree with you and how you can make a complaint if you wish to do so.
You can opt out of receiving direct marketing material at any time by contacting us (see Contacting us below).
If you do opt out, we will continue to provide information in relation to your existing accounts or facilities only (including new features or products related to these accounts/facilities).
We will take reasonable steps to keep the personal information we hold about you secure to ensure that it is protected from misuse, interference, loss, unauthorised access, modification or disclosure.
Your personal information is stored within secure systems that are protected in controlled facilities. Our employees and authorised agents are obliged to respect the confidentiality of any personal information held by us.
You can also help to keep the personal information we hold about you secure by taking care before you authorise or otherwise assist any third party to obtain or gain access to that information (see Use and disclosure above).
We use our best efforts to ensure that information received via our Websites remains secured within our systems. We are regularly reviewing developments in online security; however, you should be aware that there are inherent risks in transmitting information across the internet.
Sometimes cookies are used by third party service providers with whom we have agreements for services such as monitoring the success of our marketing campaigns and providing data analytics or to provide core services and features on our websites. The third party service providers use the cookies to collect information such as when you visited our site, your browser type and your IP address. Information collected may also include randomly generated visitor and session identifiers.
The information is used in an aggregate form and generally no personal information is collected by the third party service providers. Our agreements with these third parties ensure this information is only used to carry out functions on our behalf, and if any personal information is collected the confidentiality of that information is maintained.
Most internet web browsers are pre-set to accept cookies to enable full use of websites that employ them. However, if you do not wish to receive any cookies on an internet web browser you may configure your browser to reject them or receive a warning when cookies are being used. In some instances, this may mean that you will not be able to use some or all of the services provided on our Websites. However you may still be able to access information-only pages.
If you are unhappy with the resolution
If you are not satisfied with the response provided, you have the option to refer your complaint to the relevant external dispute resolution scheme.
We are a member of the Australian Financial Complaints Authority (AFCA).
AFCA provides fair and independent financial services complaint resolution that is free to customers. You can contact AFCA:
- In writing: GPO Box 3, Melbourne VIC 3001
- Telephone: 1800 931 678
- Email: firstname.lastname@example.org
- Website: www.afca.org.au
If your complaint relates to how we handle your personal information you can also contact:
If you are in a country that is a member of the European Economic Area (EEA), you may be protected by the European Union General Data Protection Regulation 2016/679 (‘GDPR’). Read more information about our GDPR Policy.
If you have any questions about this policy, what personal information or credit related information we may hold in relation to you, or about the way we manage your personal information or credit related information you can contact us.
If you would like to contact an entity in the Bendigo and Adelaide Bank Group which is not listed, please contact 1300 236 344.
National Mortgage Market Corporation
Bendigo and Adelaide Bank Share Registry
Community Enterprise Foundation™
Australian Crop Forecasters
Date of Publication - June 2023