The policy was prepared in November 2018.
We may vary this policy from time to time. We will ensure that the most updated version is on our website. We invite you to check the policy on the website from time to time.
Personal information and personal data
Personal information in Australia
In Australia, personal information is information or an opinion about you or from which you can reasonably be identified.
Personal data in the European Economic Area and Switzerland
The General Data Protection Regulation (GDPR) regulates the way we process information, from which you can be identified or from which you are identifiable, that we collect about you while you reside in a country in the European Economic Area (EEA) or Switzerland. There is a list of EEA countries at the end of this section.
This policy refers to that information as “personal data”. The term “personal information” in this policy also includes that “personal data”.
For GDPR purposes, we process personal data about you when we collect and use that personal data. Also, we are the controller of that personal data.
When we collect personal data, we manage that personal data under this policy, the GDPR and any other law that applies to processing that personal data.
If we process personal data about you, there is more information about particular rights the GDPR gives you under the heading “Processing Personal Data under the GDPR” later in this policy.
The EEA countries are:
Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the United Kingdom, Iceland, Liechtenstein and Norway.
Collecting personal information
We collect personal information about you when we take a record of that personal information.
We collect personal information about you only where we need to or where that personal information is related directly to Volt Group functions or activities. For example, we may collect personal information about you to:
- supply banking or other services to you;
- manage our commercial relationship with you; or
- promote products and services to you: or
- communicate with you about participating in Volt Labs activities like market research programs, focus groups, surveys or events.
We or our service providers may collect personal information about you including:
- identification information like your name, date of birth, address and contact details;
- information you use or give us when you:
- enquire about our products or services;
- apply to open an account with us or to obtain other products or services;
- use our website;
- ask us, or accept our invitation, to participate in Volt Labs activities;
- information we collect from supplying products or services to you;
- information we collect when you use our website like:
- your IP address;
- the user ID of logged in users; and
- the username of login attempts;
- information we collect about you from participating in Volt Labs activities;
- financial information like your income and expense particulars and your transaction data from other financial institutions when we consider credit applications by you or offers to guarantee credit obligations owed by others to us; and
- credit information like details about your credit history, credit capacity and credit worthiness.
If you are a Volt Bank customer, we may collect other personal information about you from dealing with you to help us conduct our banking activities efficiently.
If you participate in Volt Labs activities, we may collect other personal information about you to:
- help us understand and solve community financial problems better;
- develop or arrange other activities;
- test ideas and get feedback about banking products and services;
- help us develop and improve Volt Bank banking products and services; and
- offer products, services and rewards to you.
- apply for, or have, a loan from us; or
- offer to guarantee or guarantee obligations owed by others to us,
we may exchange personal information about you with credit reporting bodies.
That information may include the following information about you:
- identification information such as your name, date of birth, address and driver’s licence number;
- consumer credit liability information such as credit providers who gave you credit, the types of credit and the maximum amounts of credit available under those arrangements;
- the history of whether you made loan repayments and when repayments were made;
- that requests have been made for access to the credit file the credit reporting body holds about you;
- the types of credit for which you have applied;
- ongoing credit bureau scores;
- when you are at least 60 days overdue on a payment and when you have made those payments or entered into new payment arrangements;
- court judgments relating to you and credit you obtained;
- information about arrangements with creditors and whether you are bankrupt;
- publicly available information about your credit worthiness; and
- that in a credit provider’s opinion, you have committed a serious credit infringement such as:
- obtaining or seeking to obtain credit fraudulently; or
- acting in a way that led your credit provider to believe you no longer wish to comply with your credit obligations and your credit provider has been unable to contact you.
We may use information we get about you from a financial institution or credit reporting body or information we derive from that information to assess your application for credit from us or to assess your ongoing ability to repay a loan or to invite you to apply for another product or service from us.
Why we collect personal information
To help manage our banker-customer relationship
We will collect personal information about you only if we reasonably need that information for our banking functions and activities. For example, we collect personal information about you so we can:
- help us to understand your banking requirements and develop our products and services;
- offer you our products or other products as they become available and that may be of interest to you;
- make products available to you at your request and determine your ongoing ability to service any loan;
- improve the services and products we offer; and
- manage our arrangements with you efficiently.
So you can assist us to build a bank
If you wish to participate or are participating in Volt Labs activities, we will collect personal information about you only if we reasonably need that information for those activities. For example, we may collect personal information about you so:
- you can participate in Volt Labs programs to help us build a bank and improve banking products and services;
- you can participate in social events, competitions and other promotional events connected to participating in Volt Labs activities; and
- we can develop Volt Labs activities in which you may be interested in participating.
Our service providers
Our service providers may collect information about your use of our website, products or services or participating in Volt Labs activities for purposes including:
- helping us to engage with you efficiently;
- helping us to improve and promote the products and services we offer;
- guarding against fraud;
- checking for malicious activity; and
- protecting our websites from specific kinds of attacks.
We may collect personal information about you because the law requires us to do so. For example, the law requires us to collect personal information about you to:
- identify you under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) before we open an account for you or make a loan to you; and
- decide whether a loan would be suitable for you under the National Consumer Credit Protection Act 2009 (Cth).
How we collect personal information
Mostly, we collect personal information about you from you. We may collect personal information about you from other sources, like when:
- you use our website;
- if you apply for a loan from us, when we obtain a credit report about you to consider your loan application; or
- we access your transaction data from other financial service providers to assess both initially and on an ongoing basis whether you can afford a loan with us.
We may collect information about you when you participate in Volt Labs activities.
Sometimes, we collect personal information about you that is available publicly or from others who:
- act for you, like your mortgage broker or another person who refers you to us;
- check information you give us, like confirming your income with your employer if you are applying for a loan from us;
- supply services (like identity verification or loan settlement services) to us;
- give us information to help us decide whether to make a product or service available to you (like credit reporting agencies and other credit and financial service providers) and whether you can continue to meet your repayment obligations; or
- help us manage our arrangements with you.
Unsolicited personal information
If we receive personal information about you that we did not request, we will consider whether we need that information for our banking functions and activities. If not, we will destroy that information or ensure it does not identify you.
What if you do not give us your personal information?
If we do not collect personal information about you, we may not be able to:
- tell you about our products and services;
- supply products and services to you;
- manage our relationship with you, like dealing with a complaint you make to us;
- tell you about other products and services that may interest you;
- arrange for you to participate in Volt Labs programs, focus groups or social events.
Dealing with us anonymously
You may be able to use our website to find out information about us, our products and services or participate in Volt Labs activities by using a pseudonym or without identifying yourself.
However, due to the nature of the banking products and services we supply, the law requires us to identify you when we make our banking products available to you or supply our banking services to you.
Information about other people
If you tell us personal information about another person, we ask that you:
- tell that other person that you have done so; and
- invite that person to contact us to obtain a notice from us about how we manage their personal information.
How we use your personal information
We may use personal information about you to:
- consider any requests or applications you make to us or to our service partners;
- help us to understand your banking requirements;
- assess your ongoing ability to repay any loans;
- refine and develop our products and services;
- tell you about our products and services or products and services from our service partners that may be available to you. That may include telling you about competitions or other promotional events in which we invite you to participate.
That correspondence is direct marketing. You can tell us to stop sending you direct marketing. Please see below for our contact details.
- We may also use personal information about you to:identify you and manage our arrangements with you;
- prevent or investigate conduct that may be fraudulent or criminal;
- if you wish to participate in Volt Labs activities, assist you to participate and to assist us to develop and improve our banking products and services; and
- assist with any other purpose you consent or at your direction.
Stopping direct marketing
You can ask us any time to stop sending you direct marketing information. When we email you with direct marketing, you can respond by clicking unsubscribe and we will stop sending you direct marketing. We do not charge you a fee for asking us to stop direct marketing.
Also, we will not call you with marketing offers if you are on the “Do Not Call” register. You can register on the “Do Not Call” register at www.donotcall.gov.au or phoning 1300 792 958.
Disclosing personal information
We may exchange personal information about you with:
- other companies in the Volt Group;
- credit reporting bodies, if you apply for, guarantee or obtain a loan or any other credit product from us;
- any guarantors or possible guarantor of your obligations to us;
- suppliers that help us to conduct our business. Amongst other suppliers, that may include suppliers that help us to:
- understand your banking requirements;
- improve our products or services;
- verify identity;
- settle loans we make available;
- provide services to help us run our business;
- take appropriate action about suspected unlawful activity or serious misconduct;
- take loan recovery action for us; or
- if you participate in Volt Labs activities, arrange for that participation or analyse information we gather from your participation.
Those suppliers may:
- disclose your personal information to contractors that assist the suppliers to perform services for us;
- track your use of our products, services or website; or
- if you participate in Volt Labs activities:
- assist us to arrange those activities; and
- analyse results from your participation.
Our arrangements with suppliers will limit use of your personal information to the services they supply to us. We will ask suppliers to ensure their arrangements with contractors limit the contractors’ use of your personal information to help the suppliers to perform services for us.
We will require suppliers to return, destroy or de-identify personal information about you that they hold or their sub-contractors hold when they cease performing services for us. If you want information on how those suppliers manage your personal information, please email us at firstname.lastname@example.org;
- your employer to verify employment related information you give us;
- other financial institutions;
- mortgage brokers that introduce you to us and any mortgage aggregator that supplies services to your mortgage brokers;
- any person who refers you to us to obtain services from us;
- regulators or law enforcement bodies;
- dispute resolution bodies or services, to assist with resolving any complaint you make about our products or services or any dispute you may have with us;
- any entity that proposes to take an interest in our business or any of our loans or other assets. That may include entities that are involved in securitising any loan we made available to you; and
- any person at your request or with your consent.
Without limiting who we may exchange personal information about you with, we use Google Analytics services to improve and analyse website and app experiences.
We may share information with Google for that purpose. When you use:
- our website, that information may include the URL of the webpage that you’ve visited and your IP address. Google may also set cookies on your browser or read cookies that are already there; and
- the Volt Labs App, that information may include a device ID, user behaviour and app usage data.
Google uses the information Volt or Volt Labs shares with them to help us understand how you engage with the Volt website and the Volt Labs app. Also, Google may use that information to:
- help it deliver services;
- maintain and improve those services;
- develop new services;
- measure the effectiveness of advertising;
- protect against fraud and abuse; and
- personalise content and ads that you see on Google and on websites and apps that use the Google Analytics service.
If you don’t want Google Analytics to be used in your browser, you can install the Google Analytics browser add-on (https://tools.google.com/dlpage/gaoptout).
Disclosing personal information overseas
We will store information in Australia whenever possible. However, if there is a need to store information overseas (for example, if a service is not available in Australia) we may disclose personal information about you to overseas entities that assist us to conduct our business. It may be necessary for those overseas entities to disclose your personal information under foreign law.
Some of the entities we disclose personal information to are situated in the USA, Switzerland, India and the Philippines.. There may be other overseas jurisdictions, we cannot identify now, in which those overseas entities may hold your personal information. If those entities need to host your personal information overseas we tokenise or hash or take other steps to protect the security of that personal information for better data protection.
We are responsible for any failures by overseas entities to manage your personal information in accordance with the APPs.
Use of Government identifiers
We do not use Government related identifiers (such as tax file numbers or medicare card numbers) to identify you in our records. We may collect and use some of your Government related identifiers, but only for reasons permitted by the Privacy Act, the Australian Privacy Principles (APPs) in the Act or any APP Code we follow. For example, we may use those identifiers to help us to check your identity before we make banking products available to you.
Security of your personal information
We will take steps reasonably available to us to protect your personal information from:
- misuse, interference or loss; and
- unauthorised access, modification or disclosure.
We will do this by ensuring that access to your personal information is password protected and available only to those of our employees that need to use, disclose or manage it under this policy.
Personal information that we can’t protect is personal information that you share with us on our social media channels such as email addresses and first and last names.
Access to your personal information
You can ask for access to the personal information we hold about you. We may ask you to detail the information you require, if you want only some of that personal information.
If you want to access the personal information we hold about you, please email us at email@example.com.
You may also want to access personal information (including credit-related personal information) we have disclosed about you to third parties or to make a complaint to those third parties. The privacy policies of those third parties will tell you how you can make an access request or a complaint to them.
Generally, we will give you access to the information you request. There may be some circumstances, permitted by the APPs, in which we will not give you that access. For example, we may not give you access to information where:
- giving access would have an unreasonable impact on the privacy of others;
- we reasonably believe the request is frivolous or vexatious;
- the information relates to actual or possible legal proceedings between us and you and we would not have to produce that information under orders a court may make in those proceedings;
- giving access would prejudice our interests relating to negotiations we are having with you or investigations we are making into unlawful activity or misconduct of a serious nature;
- the law or a court or tribunal order prevent us from giving you access; or
- giving access would reveal certain information we generate internally relating to a commercially sensitive decision-making process.
We will give you written reasons if we refuse to give you access to personal information you request, unless there are reasonable grounds (such as confidentiality obligations we owe) for not giving you those reasons. In any case, we will give you an explanation if we do not give you access to information because of a commercially sensitive decision-making process.
We will give you access to the information you request in the manner you request (for example, by email), if we are reasonably able to do so. If we are not able to do so or if we have a reason for not giving you access to all the information you request, we will work with you to give you access to personal information we hold about you in a way that meets your needs and our needs.
We will respond to any request you make for access to the personal information we hold about you within a reasonable time after you make the request. The time it takes will depend on the amount of information you seek and whether we have to make more enquiries of you to clarify your request. We expect to respond to any request you make for access within 30 days after we receive your request.
Depending on the amount of information you request, we may charge you a fee for organising the information you request from us. We will give you an estimate of the fee before we organise the information. Then, we can work with you to check whether you wish to limit your request to reduce the charges.
Correcting your personal information
We take steps, reasonably available to us, to ensure that the personal information we hold about you is accurate, up-to-date and complete. To assist us, we ask that you contact us and update the personal details we hold about you (for example, your name, address and contact details), if those details change. You can contact us by email to firstname.lastname@example.org.
You may consider that the personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading. You can request us to correct the personal information we hold about you by email to email@example.com.
If we receive your request to correct information but consider that the information does not need correcting, we will give you a written notice setting out our reasons. Also, we will give you details of how you can:
- ask us to associate a statement to the information you consider to be incorrect; or
- make a complaint about us refusing to correct information.
We will respond to any correction request you make within a reasonable time after you make the request.
We will not charge you for correcting or associating a statement to personal information at your request.
If you have a complaint about the way we manage the personal information we hold about you, please email us at firstname.lastname@example.org.
If we cannot resolve your complaint in a manner that is satisfactory to you and within 30 days of receiving your complaint, we will tell you how you can take your complaint to the external dispute resolution scheme of which we are a member or the Office of the Australian Information Commissioner (OAIC).
We are a member of the Australian Financial Complaints Authority (AFCA). You can lodge a complaint with AFCA by visiting the AFCA website at www.afca.org.au.
You can make a complaint to the OAIC by using the privacy complaint form available at www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint and submitting it online, by post, fax or email.
It is free to make a complaint to us, AFCA or the OAIC.
Data breach reporting
We will comply with any relevant laws to notify you and a regulator that the security of the personal information we hold about you has been breached.
Processing Personal Data Under General Data Protection Regulation (GDPR)
Processing personal data
Just a reminder: “personal data” is information, from which you can be identified or from which you are identifiable, that we collect about you while you reside in a country in the European Economic Area (EEA) or Switzerland.
In addition to other reasons set out in this policy, we may process personal data about you because:
- you have permitted us to do so to:
- help us understand your banking requirements and develop our products and services;
- offer you our products or other products as they become available and that may be of interest to you;
- we need to perform an agreement (such as a contract to hold an account) we have with you;
- the processing is in our legitimate interests and those interests are not overridden by your rights; or
- we need to do so to comply with the law.
Retaining personal data
We will retain personal data about you only for as long as is necessary for the purposes set out in this policy. We will retain and use that personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Transferring personal data
We may transfer personal data about you to, and maintain it on, computers located outside of your State, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.
We may transfer that personal data to Australia and process it there or to other jurisdictions. Also, please read the particulars under the heading Disclosing personal information overseas in this policy.
We will take all steps reasonably necessary to ensure that personal data about you is treated securely and in accordance with this policy and no transfer of that personal data will take place to an organization or a country, unless there are adequate controls in place including the security of that personal data.
Data Protection Rights Under the GDPR
If you are a resident of an EEA country or Switzerland, you have certain data protection rights with respect to personal data we collect about you while you reside in that country.
We will take reasonable steps to allow you to correct, amend, delete, or limit the use of that personal data. If you wish to do so, please email us at email@example.com.
If you wish to know what personal data we hold about you and if you want us to remove that personal data from our systems, please contact us.
You can contact us and exercise the following rights in relation to the personal data we hold about you:
- the right to access, update or delete the personal data we hold about you;
- the right of rectification - you have the right to have the personal data we hold about you rectified if that personal data is inaccurate or incomplete;
- the right to object. You have the right to object to our processing personal data we hold about you;
- the right of restriction. You have the right to request that we restrict the processing of personal data we hold about you;
- the right to data portability. You have the right to be provided with a copy of the personal data we hold about you in a structured, machine-readable and commonly used format and the right to have us transfer, where we are technically able to do so, the personal data we hold about you to another controller; and
- the right to withdraw consent. Unless we have compelling and legitimate grounds for continuing processing (such as if you hold an account with us), you have the right to withdraw your consent where we relied on your consent to process personal data we hold about you.
We may ask you to verify your identity before responding to any of those requests.
ComplaintsYou have the right to complain to a data protection authority about our collection and use of personal data we hold about you. For more information, please contact your local data protection authority in the country (an EEA country or Switzerland) of which you were a resident when we collected personal data about you.