How your personal information is used and managed
This policy was prepared in May 2020.
If you have any feedback on this policy, or you wish to contact us, please email us at email@example.com. We look forward to hearing from you.
We may vary this policy from time to time. We will ensure that the most updated version is on our website. We invite you to check the policy on the website from time to time.
What is Personal Information and Personal Data
In Australia, personal information is information, or an opinion about you or from which you can reasonably be identified.
The General Data Protection Regulation (GDPR) regulates the way we process information, from which you can be identified or from which you are identifiable, that we collect about you while you reside in a country in the European Economic Area (EEA) or Switzerland. There is a list of EEA countries at the end of this section.
This policy refers to that information as “personal data”. The term “personal information” in this policy also includes that “personal data”.
For GDPR purposes, we process personal data about you when we collect and use that personal data. Also, we are the controller of that personal data.
When we collect personal data, we manage that personal data under this policy, the GDPR and any other law that applies to processing that personal data.
If you reside in an EEA country and we process personal data about you, there is more information about particular rights the GDPR gives you under the heading “Processing Personal Data under the GDPR” later in this policy.
The EEA countries are:
Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the United Kingdom, Iceland, Liechtenstein and Norway.
WHY WE COLLECT PERSONAL INFORMATION
We collect personal information about you when we take a record of that personal information.
We collect personal information about you only where we need to or where that personal information is related directly to your banking functions and activities with Volt Group. For example, we collect personal information about you so we can:
- supply banking or other services to you;
- manage our commercial relationship and arrangements with you;
- help us to understand your banking requirements and develop our products and services;
- offer you our products or other products as they become available and that may be of interest to you;
- make products available to you at your request;
- determine your ongoing ability to service any loan;
- improve the services and products we offer; and
- communicate with you about participating in Volt Labs activities like market research programs, focus groups, surveys or events.
If you are a Volt Bank customer, we may collect other personal information about you from dealing with you to help us conduct our banking activities efficiently.
If you participate in Volt Labs activities, we will collect other personal information about you only if we reasonably need that information for those activities. For example, we may collect personal information about you so:
- you can participate in Volt Labs programs to help us understand and solve community financial problems better;
- you can help us develop and improve Volt Bank banking products and services;
- you can participate in social events, competitions and other promotional events connected to participating in Volt Labs activities;
- we can develop Volt Labs activities in which you may be interested in participating.
- we can arrange your participation in Volt Labs activities;
- we can test ideas and get feedback about banking products and services; and
- we can offer products, services and rewards that may be of interest to you.
WHAT PERSONAL INFORMATION DO WE COLLECT
We or our service providers may collect personal information about you including:
- identification information like your name, date of birth, address and contact details;
- information you use or give us when you:
- enquire about our products or services;
- apply to open an account with us or to obtain other products or services;
- use our website;
- ask us, or accept our invitation, to participate in Volt Labs activities;
- information we collect from supplying products or services to you;
- information about your location or activity when accessing our services to assist with fraud detection;
- information we collect when you use our website like:
- your IP address;
- the user ID of logged in users; and
- the username of login attempts;
- information we collect about you from participating in Volt Labs activities;
- financial information like your income and expense particulars and your transaction data from other financial institutions when we consider credit applications by you or offers to guarantee credit obligations owed by others to us; and
- credit information like details about your credit history, credit capacity and credit worthiness
We keep information while you are a customer with us and for only as long as we need it.
Generally, we will keep your information for 7 years but sometimes we need to keep it for longer such as:
- if the law requires us to keep it for longer;
- to respond to any complaints
How we collect personal information
Mostly, we collect personal information about you directly from you. We may collect personal information about you from other sources, like when:
- you use our website and services;
- if you apply for a loan from us, when we obtain a credit report about you to consider your loan application; or
- we access your transaction data from other financial service providers to assess both initially and on an ongoing basis whether you can afford a loan with us.
- you participate in Volt Labs activities.
Sometimes, we collect personal information about you that is available publicly or from others who:
- act for you, like your mortgage broker or another person who refers you to us;
- check information you give us, like confirming your income with your employer if you are applying for a loan from us;
- supply services (like identity verification or loan settlement services) to us;
- give us information to help us decide whether to make a product or service available to you (like credit reporting agencies and other credit and financial service providers) and whether you can continue to meet your repayment obligations; or
- help us manage our arrangements with you.
HOW WE PROTECT PERSONAL INFORMATION
We will take steps reasonably available to us to protect your personal information from:
- misuse, interference or loss; and
- unauthorised access, modification or disclosure.
We will do this by ensuring that access to your personal information is password protected and available only to those of our employees that need to use, disclose or manage it under this policy.
Personal information that we can’t protect is personal information that you share with us on our social media channels such as email addresses and first and last names.
If, despite our best efforts, a data breach occurs, we will take immediate steps to determine the breach, its cause and how to fix it.
We will advise you of the extent of the data breach (if known) and the most appropriate means of regaining control of that information. We will also notify the Office of the Australian Information Commissioner (OAIC) or any other regulator, if appropriate and comply with all other relevant legal requirements.
HOW WE USE PERSONAL INFORMATION
We may use personal information about you to:
- consider any requests or applications you make to us or to our service partners;
- help us to understand your banking requirements;
- assess your ongoing ability to repay any loans; and
- refine and develop our products and services;
We may also use your personal information to tell you about our products and services or products and services from our service partners that may be available to you. That may include telling you about competitions or other promotional events in which we invite you to participate. That correspondence is called direct marketing.
You can tell us to stop sending you direct marketing at any time. Please see below for our contact details.
We may also use personal information about you to:
- identify you and manage our arrangements with you;
- prevent or investigate conduct that may be fraudulent or criminal;
- assist us to develop and improve our banking products and services if you wish to participate in Volt Labs activities; and
- assist with any other purpose you consent to or at your direction
HOW OUR SERVICE PROVIDERS COLLECT AND USE PERSONAL INFORMATION
Our service providers may collect information about your use of our website, products or services or when you participate in Volt Labs activities to:
- help us to engage with you efficiently;
- help us to improve and promote the products and services we offer;
- guard against fraud;
- check for malicious activity; and
- protect you and our websites from specific kinds of attacks.
HOW AND WHEN CREDIT INFORMATION IS USED
- apply for, or have, a loan from us; or
- offer to guarantee or guarantee obligations owed by others to us,
we may exchange personal information about you with credit reporting bodies.
Information that we may obtain and exchange about you may include:
- identification information such as your name, date of birth, address and driver’s licence number;
- consumer credit liability information such as credit providers who gave you credit, the types of credit and the maximum amounts of credit available under those arrangements;
- the history of whether you made loan repayments and when repayments were made;
- requests that have been made for access to the credit file the credit reporting body holds about you;
- the types of credit for which you have applied;
- ongoing credit bureau scores;
- when you are at least 60 days overdue on a payment and when you have made those payments or entered into new payment arrangements;
- court judgments relating to you and credit you obtained;
- information about arrangements with creditors and whether you are bankrupt;
- publicly available information about your credit worthiness; and
- in a credit provider’s opinion, you have committed a serious credit infringement such as:
- obtaining or seeking to obtain credit fraudulently; or
- you have acted in a way that led your credit provider to believe you no longer wish to comply with your credit obligations and your credit provider has been unable to contact you.
We may use information we get about you from a financial institution or credit reporting body or information we derive from that information to assess your application for credit from us or to assess your ongoing ability to repay a loan or to invite you to apply for another product or service from us.
HOW WE USE GOVERNMENT IDENTIFIERS
We do not use Government related identifiers (such as tax file numbers or Medicare card numbers) to identify you in our records. We may collect and use some of your Government related identifiers, but only for reasons required and permitted by the Privacy Act, the Australian Privacy Principles (APPs) in the Act or any APP Code, law or rule we follow. For example, we may use those identifiers to help us to check your identity before we make banking products available to you or for tax reasons.
WHEN DO WE DISCLOSE PERSONAL INFORMATION
We may exchange personal information about you with:
- other companies in the Volt Group;
- credit reporting bodies, if you apply for, guarantee or obtain a loan or any other credit product from us;
- any guarantors or possible guarantor of your obligations to us;
- suppliers that help us to conduct our business. Amongst other suppliers, that may include suppliers that help us to:
- understand your banking requirements;
- improve our products or services;
- verify your identity;
- settle loans we make available;
- provide services to help us run our business;
- take appropriate action about suspected fraudulent or unlawful activity or serious misconduct;
- take loan recovery action for us; or
- if you participate in Volt Labs activities, arrange for that participation or to analyse information we gather from your participation.
Those suppliers may:
- disclose your personal information to contractors that assist those suppliers to perform services for us;
- track your use of our products, services or website for us; or
- if you participate in Volt Labs activities:
- assist us to arrange those activities; and
- analyse results from your participation.
Our arrangements with suppliers will limit use of your personal information to the services they supply to us. We will ask suppliers to in turn ensure their arrangements with contractors limit those contractors’ use of your personal information to help the suppliers perform services for us.
We will require suppliers or their subcontractors to return, destroy or de-identify personal information about you that they hold when they cease performing services for us. If you want information on how those suppliers manage your personal information, please email us at firstname.lastname@example.org
Suppliers we share personal information with include:
- your employer to verify employment-related information you give us;
- other financial institutions you deal with;
- mortgage brokers that introduce you to us and any mortgage aggregator that supplies services to your mortgage brokers;
- any person who refers you to us to obtain services from us;
- regulators or law enforcement bodies;
- dispute resolution bodies or services, to assist with resolving any complaint you make about our products or services or any dispute you may have with us;
- any entity that proposes to take an interest in our business or any of our loans or other assets. That may include entities that are involved in securitising any loan we made available to you; and
- any person at your request or with your consent.
We use Google Analytics services to improve and analyse our website and app experiences.
We may share information with Google for that purpose. When you use:
- our website, that information may include the URL of the webpage that you’ve visited and your IP address. Google may also set cookies on your browser or read cookies that are already there; and
- the Volt Labs App, that information may include a device ID, user behaviour and app usage data.
To assist us with fraud detection, we collect behavioural data (e.g. data about how you use your device while using the app (behavioural)) and location data. This assists us to detect potential fraudulent activity, and to verify if you are undertaking activity on your account. We will use this information only for the purpose of protecting your security, unless you consent for us to use the information for other purposes.
In most circumstances this fraud detection information is destroyed after 2 years unless we need to keep it for another purpose relating to dealing with you. We take reasonable measures to ensure that your information is secure.
DO WE DISCLOSE PERSONAL INFORMATION OVERSEAS
If there is a need to store information overseas (for example, if a service is not available in Australia) we may disclose personal information about you to overseas entities that assist us to conduct our business. It may be necessary for those overseas entities to disclose your personal information under foreign law.
Some of the entities we disclose personal information to are situated in the USA, Switzerland, India, Ireland and the Philippines. There may be other overseas jurisdictions, we cannot identify now, in which those overseas entities may, in turn, hold your personal information. If those entities need to host your personal information overseas we tokenise or hash or take other steps to protect the security of that personal information for better data protection.
We are responsible for any failures by overseas entities to manage your personal information in accordance with the APPs.
WHAT THE LAW REQUIRES US TO DO
We may collect personal information about you because the law requires us to do so. For example, the law requires us to collect personal information about you to:
- identify you under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) before we open an account for you or make a loan to you; and
- decide whether a loan would be suitable for you under the National Consumer Credit Protection Act 2009 (Cth).
If we receive personal information about you that we did not request, we will consider whether we need that information for our banking functions and activities. If not, we will destroy that information or ensure it does not identify you.
If we do not collect personal information about you, we may not be able to:
- tell you about our products and services;
- supply products and services to you;
- manage our relationship with you, like dealing with a complaint you make to us;
- tell you about other products and services that may interest you;
- arrange for you to participate in Volt Labs programs, focus groups or social events.
You may be able to use our website to find out information about us, our products and services or participate in Volt Labs activities by using a pseudonym or without identifying yourself.
However, due to the nature of the banking products and services we supply, the law requires us to identify you when we make our banking products available to you or supply our banking services to you.
If you tell us personal information about another person, we ask that you:
- tell that other person that you have done so; and
- invite that person to contact us to obtain a notice from us about how we manage their personal information.
How to stop receiving direct marketing
You can ask us any time to stop sending you direct marketing information. When we email you with direct marketing, you can respond by clicking unsubscribe and we will stop sending you direct marketing. We do not charge you a fee for asking us to stop direct marketing.
How to access your personal information
You can ask for access to personal information we hold about you anytime. We may ask you to detail the information you require if you want only some of that personal information.
If you want to access the personal information we hold about you, please email us at email@example.com.
You may also want to access personal information (including credit-related personal information) we have disclosed about you to third parties or to make a complaint to those third parties. The privacy policies of those third parties will tell you how you can make an access request or a complaint to them.
Generally, we will give you access to the information you request. There may be some circumstances, permitted by the APPs, in which we will not give you that access. For example, we may not give you access to information where:
- giving access would have an unreasonable impact on the privacy of others;
- we reasonably believe the request is frivolous or vexatious;
- the information relates to actual or possible legal proceedings between us and you and we would not have to produce that information under orders a court may make in those proceedings;
- giving access would prejudice our interests relating to negotiations we are having with you or investigations we are making into unlawful activity or misconduct of a serious nature;
- the law or a court or tribunal order prevent us from giving you access; or
- giving access would reveal certain information we generate internally relating to a commercially sensitive decision-making process.
We will give you written reasons if we refuse to give you access to personal information you request, unless there are reasonable grounds (such as confidentiality obligations we owe) for not giving you those reasons. In any case, we will give you an explanation if we do not give you access to information because of a commercially sensitive decision-making process.
We will give you access to the information you request in the manner you request (for example, by email), if we are reasonably able to do so. If we are not able to do so or if we have a reason for not giving you access to all the information you request, we will try and work with you to give you access to personal information we hold about you in a way that meets your needs and our needs.
We will respond to any request you make for access to personal information we hold about you within a reasonable time after you make the request. The time it takes will depend on the amount of information you seek and whether we have to make more enquiries of you to clarify your request. We expect to respond to any request you make for access within 30 days after we receive your request.
Depending on the amount of information you request, we may charge you a fee for organising the information you request from us. We will give you an estimate of the fee before we organise the information. Then, we can work with you to check whether you wish to limit your request to reduce the charges.
HOW PERSONAL INFORMATION IS KEPT UP-TO-DATE
We take steps, reasonably available to us, to ensure that the personal information we hold about you is accurate, up-to-date and complete. To assist us, we ask that you contact us and update the personal details we hold about you (for example, your name, address and contact details), if those details change. You can contact us by email to firstname.lastname@example.org.
You may consider that the personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading. You can request us to correct the personal information we hold about you by email to email@example.com.
If we receive your request to correct information but consider that the information does not need correcting, we will give you a written notice setting out our reasons. Also, we will give you details of how you can:
- ask us to associate a statement to the information you consider to be incorrect; or
- make a complaint about us refusing to correct information.
We will respond to any correction request you make within a reasonable time after you make the request.
We will not charge you for correcting or associating a statement to personal information at your request.
HOW TO MAKE A COMPLAINT
If you have a complaint about the way we manage the personal information we hold about you, please email us at firstname.lastname@example.org.
If we cannot resolve your complaint in a manner that is satisfactory to you and within 30 days of receiving your complaint, we will tell you how you can take your complaint to the external dispute resolution scheme of which we are a member or the Office of the Australian Information Commissioner (OAIC).
We are a member of the Australian Financial Complaints Authority (AFCA). You can lodge a complaint with AFCA by visiting the AFCA website at www.afca.org.au.
You can make a complaint to the OAIC by using the privacy complaint form available at www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint and submitting it online, by post, fax or email.
It is free to make a complaint to us, AFCA or the OAIC.
ADDITONAL RIGHTS UNDER GENERAL DATA PROTECTION REGULATION (GDPR) IF YOU ARE LOCATED IN THE EEA
The following explains how we comply with the GDPR for residents of the European Economic Area (EEA) or Switzerland.
Note the following does not apply if you reside in Australia
Just a reminder: “personal data” is information, from which you can be identified or from which you are identifiable, that we collect about you while you reside in a country in the EEA or Switzerland.
In addition to other reasons set out in this policy, we may process personal data about you because:
- you have permitted us to do so to:
- help us understand your banking requirements and develop our products and services;
- offer you our products or other products as they become available and that may be of interest to you;
- we need to perform an agreement (such as a contract to hold an account) we have with you;
- the processing is in our legitimate interests and those interests are not overridden by your rights; or
- we need to do so to comply with the law.
We will retain personal data about you only for as long as is necessary for the purposes set out in this policy. We will retain and use that personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
We may transfer personal data about you to, and maintain it on, computers located outside of your State, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.
We may transfer that personal data to Australia and process it there or to other jurisdictions. Also, please read the particulars under the heading Disclosing personal information overseas in this policy.
We will take all steps reasonably necessary to ensure that personal data about you is treated securely and in accordance with this policy and no transfer of that personal data will take place to an organization or a country, unless there are adequate controls in place including the security of that personal data.
If you are a resident of an EEA country or Switzerland, you have certain data protection rights with respect to personal data we collect about you while you reside in that country.
We will take reasonable steps to allow you to correct, amend, delete, or limit the use of that personal data. If you wish to do so, please email us at email@example.com.
If you wish to know what personal data we hold about you and if you want us to remove that personal data from our systems, please contact us.
You can contact us and exercise the following rights in relation to the personal data we hold about you:
- the right to access, update or delete the personal data we hold about you;
- the right of rectification - you have the right to have the personal data we hold about you rectified if that personal data is inaccurate or incomplete;
- the right to object. You have the right to object to our processing personal data we hold about you;
- the right of restriction. You have the right to request that we restrict the processing of personal data we hold about you;
- the right to data portability. You have the right to be provided with a copy of the personal data we hold about you in a structured, machine-readable and commonly used format and the right to have us transfer, where we are technically able to do so, the personal data we hold about you to another controller; and
- the right to withdraw consent. Unless we have compelling and legitimate grounds for continuing processing (such as if you hold an account with us), you have the right to withdraw your consent where we relied on your consent to process personal data we hold about you.
We may ask you to verify your identity before responding to any of those requests.
You have the right to complain to a data protection authority about our collection and use of personal data we hold about you. For more information, please contact your local data protection authority in the country (an EEA country or Switzerland) of which you were a resident when we collected personal data about you.