By providing personal information to us, you consent to the collection, use and disclosure of your information in accordance with this Policy and any other arrangements that apply between us. As some of our related companies may have specific legal requirements, they may have separate, but consistent policies. Please view these if they are more relevant to your relationship with the Group.
Also, this policy covers some Challenger Group entities (each a Challenger Group entity) for whom Advantedge Financial Services supplies administration functions relating to loans funded by a Challenger residential loan programme. Those Challenger Group entities are Challenger Mortgage Management Pty Ltd ACN 087 271 109, Challenger Non-Conforming Finance Pty Ltd ACN 107 725 486 and Challenger Special Servicing Pty Ltd ACN 107 707 415.
This Policy also includes our credit reporting policy, that is, it covers additional information on how we manage your personal information collected in connection with a credit application, or a credit facility. We refer to this credit-related information below as credit information.
What personal information do we collect and hold?
The types of information that we collect and hold about you could include:
ID information such as your name, postal or email address, telephone numbers, and date of birth (this may also include voice biometrics, where permitted);
other contact details such as social media handles;
financial details such as your tax file number and bank account, superannuation or insurance policy information;
credit information such as details relating to credit history, credit capacity, and eligibility for credit (‘credit worthiness’); and
other information we think is necessary.
Over the course of our relationship with you, we may collect and hold additional personal information about you, including transactional information, complaint or enquiries about your product or service.
Information from a credit reporting body
When we’re checking your credit worthiness and at other times, we might collect information about you from and give it to credit reporting bodies. This information can include:
ID information: a record of your name(s) (including an alias or previous name), date of birth, gender, current or last known address and previous two addresses, name of current or last known employer and drivers licence number.
Information request: a record of a lender asking a credit reporting body for information in relation to a credit application, including the type and amount of credit applied for.
Default information: a record of your consumer credit payments being overdue.
Serious credit infringement: a record of when a lender reasonably believes that there has been a fraud relating to your consumer credit or that you have avoided paying your consumer credit payments and the credit provider can’t find you.
Personal insolvency information: a record relating to your bankruptcy or your entry into a debt agreement or personal insolvency agreement.
Court proceedings information: an Australian court judgment relating to your credit.
Publicly available information: a record relating to your activities in Australia and your credit worthiness.
Consumer credit liability information: certain details relating to your consumer credit, such as the name of the credit provider, whether the credit provider has an Australian Credit Licence, the type of consumer credit, the day on which the consumer credit was entered into and terminated, the maximum amount of credit available and certain repayment terms and conditions.
Repayment history information: a record of whether or not you’ve made monthly consumer credit payments and when they were paid.
Payment information: If a lender gave a credit reporting body default information about you and the overdue amount is paid, a statement that the payment has been made.
New arrangement information: If a lender gave a credit reporting body default information about you and your consumer credit contract is varied or replaced, a statement about this.
We base some things on the information we get from credit reporting bodies, such as:
our summaries of what the credit reporting bodies tell us; and
credit scores. A credit score is a calculation that lets us know how likely a credit applicant will repay credit we may make available to them.
Such information is known as credit eligibility information.
What sensitive information do we collect?
Sometimes we need to collect sensitive information about you. For instance in relation to some insurance applications we do on behalf of others. This could include things like medical checks, medical consultation reports or other information about your health. Unless required by law, we will only collect sensitive information with your consent.
When the law authorises or requires us to collect information
We may collect information about you because we are required or authorised by law to collect it. There are laws that affect financial institutions, including company and tax law, which require us to collect personal information. For example, we require personal information to verify your identity under Commonwealth Anti-Money Laundering law.
What do we collect via your website activity?
When you use our websites or mobile applications we may collect information about your location or activity including IP address, telephone number and whether you’ve accessed a third party site.
If you use our online services, we monitor your use of those online interactions. This is done to ensure we can verify you and can receive information from us, to identify ways we can improve our services for you and to understand you better.
If you start but don’t submit an on-line application, we can contact you using any of the contact details you’ve supplied or other contact details we have for you to offer help (unless the application states your use is anonymous). The information in applications will be kept temporarily then destroyed if the application is not completed.
We also know that some customers like to engage with us through social media channels. We may collect information about you when you interact with us through these channels. However for all confidential matters, we’ll ensure we interact with you via a secure forum.
To improve our services and products, we sometimes collect de-identified information from web users. That information could include IP addresses or geographical information to ensure your use of online services is secure.
We also collect de-identified information if you use one of our calculators or other programs. Although the information collected does not identify an individual, it does provide us with useful statistics so that we can analyse and improve our online services.
How do we collect your personal information?
How we collect and hold your information
There are many ways we seek information from you. We might collect your information when you fill out a form with us, when you’ve given us a call or used our websites. In addition, when you use our website or mobile applications we may collect information about your IP address, location or activity. We also find using electronic means, such as email or SMS, a convenient way to communicate with you and to verify your details, including doing e-verification of identity (e-Know Your Customer). However, we’ll never ask you for your security details in this way – if you are ever unsure, just contact us.
We will try to collect personal information directly from you unless it’s unreasonable or impracticable. For this reason, it’s important that you keep your contact details up-to-date.
How we collect your information from other sources
Sometimes we collect information about you from other sources. We may collect information about you that is publicly available, for example from public registers, social media or made available by third parties. We do this where:
we distribute or arrange products on behalf of others, including our trusted partners;
we can’t get hold of you and need to update your contact details;
we need information from third parties about an application you make through us;
we are checking the security you are offering;
we can learn insight about your financial needs, such as through property information;
you have consented to third parties sharing it with us, such as:
organisations we sponsor or have loyalty programs with;
media organisations, and social networking sites; and
at your request, we exchange information with your legal or financial advisers or other representatives.
We may use or disclose information about you in order to combine the information that we hold about you with information about you collected from or held by external sources. We do this in order to enable the development of consumer insights about you so that we can serve you better. This includes being able to better understand your preferences and interests, personalise your experience, enhance the products and services you receive, and to tell you about products and services that may be of interest to you. Where those insights are provided to others, such insights are based on aggregated information and do not contain any information that identifies you. We may also use service providers to undertake the process of creating these consumer insights.
What if you don’t want to provide us with your personal information?
If you don’t provide your personal information to us, we may not be able to:
provide you with the product or service you want;
manage or administer your product or service;
personalise your experience with us;
verify your identity or protect against fraud; or
let you know about other products or services from across the NAB Group that might better meet your financial, e-commerce and lifestyle needs.
How we collect and hold your credit information
We will collect your credit information from details included in your application for credit (whether paper based, phone or electronic) and from the records we maintain about the products or services you receive from us. In addition to what we say above about collecting information from other sources, other main sources for collecting credit information are:
credit reporting bodies;
other credit providers;
your co-loan applicants or co-borrowers;
your guarantors/proposed guarantors;
your employer, accountant, real estate agent or other referees;
your agents and other representatives like your referrers, brokers, solicitors, conveyancers and settlement agents;
organisations that help us to process credit applications such as mortgage managers;
organisations that check the security you are offering such as valuers;
organisations involved in the securitisation of our loans such as loan servicers, trust managers, trustees and security trustees;
organisations providing lenders mortgage insurance and title insurance for us;
bodies that issue identification documents to help us check your identity; and
our service providers involved in helping us to provide credit or to administer credit products, including our debt collectors and our legal advisers.
What do we do when we get information we didn’t ask for?
Sometimes people share information with us we haven’t sought out. Where this happens, we will check whether that information is reasonably necessary for our functions or activities. If it is, we’ll handle this information the same way we do with other information we seek from you. If not, we’ll ensure we do the right thing and destroy or de-identify it.
When will we notify you that we have received your information?
When we receive personal information from you, we’ll take reasonable steps to notify you how and why we collected your information, who we may disclose it to and outline how you can access it, seek correction of it or make a complaint.
Where we collect your personal information from third parties (and you’re not necessarily aware), if that information can be used to identify you, we will take reasonable steps to notify you of the circumstances of that collection.
We store information in different ways, including in paper and electronic form. The security of your personal information is important to us and we take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. Some of the ways we do this are:
confidentiality requirements of our employees;
document storage security policies;
security measures for access to our systems;
only giving access to personal information to a person who is verified to be able to receive that information;
control of access to our buildings; and
electronic security systems, such as firewalls and data encryption on our websites.
We can store personal information physically or electronically with third party data storage providers. Where we do this, we use contractual arrangements to ensure those providers take appropriate measures to protect that information and restrict the uses to which they can put that information.
What happens when we no longer need your information?
We’ll only keep your information for as long as we require it for our purposes. We’re also required to keep some of your information for certain periods of time under law, such as the Corporations Act, the Anti-Money Laundering & Counter-Terrorism Financing Act, and the Financial Transaction Reports Act for example. When we no longer require your information, we’ll ensure that your information is destroyed or de-identified.
How we use your personal information
What are the main reasons we collect, hold and use your information?
Because we offer a range of services and products, collecting your personal information allows us to provide you with the products and services you’ve asked for. This means we can use your information to:
provide you with information about products and services, including financial help, guidance and advice;
consider your request for products and services, including your eligibility;
process your application and provide you with products and services; and
administer products and services which includes answering your requests and complaints, varying products and services, conducting market research, taking any required legal action in relation to our accounts and managing our relevant product portfolios.
Can we use your information for marketing our products and services?
From time to time, we’d like to share what we know about our products and Group products with you. We may use or disclose your personal information to let you know about products and services from across the Group that might be of interest to you. We will not do this if you tell us not to. Unless you tell us not to, we may disclose your personal information to our related companies or to our trusted partners so they can tell you about their products and services.
We may conduct these marketing activities via email, telephone, SMS, iM, mail, or any other electronic means, including targeted advertising through NAB Group or non-Group websites.
We may also market our products to you through third party channels (such as social networking sites) or via other companies who assist us to market our products and services. If you don’t want to receive marketing offers in this way, please contact us.
Where we market to prospective customers, we are happy to let them know how we obtained their information and will provide easy to follow opt-outs.
We may also disclose your personal information to companies outside the NAB Group who assist us to market our products and services to you. With your consent, we may disclose your personal information to third parties such as brokers or agents, or for the purpose of connecting you with other businesses or customers. You can ask us not to do this at any time. We won’t sell your personal information to any organisation outside of the Group.
Yes, You Can Opt-Out
You can let us know at any time if you no longer wish to receive direct marketing offers from the Group. Please see our contact details at the end of this policy. We will process your request as soon as practicable.
We know that you may prefer to receive some types of messages over others, so where possible we will offer you a choice. You can always change your mind or update these choices too.
Where you have subscribed to something specific (like to hear from one of our sponsored organisations) then these subscriptions will be managed separately. If you no longer wish to receive these emails click the unsubscribe link included in the footer of our emails.
What are the other ways we use your information?
We’ve just told you some of the main reasons why we collect your information, so here’s some more insight into the ways we use your personal information including:
giving you information about a product or service;
considering whether you are eligible for a product or service;
processing your application and providing you with a product or service;
administering the product or service we provide you, which includes answering your requests and complaints, varying products and services and managing our relevant product portfolios;
identifying you or verifying your authority to act on behalf of a customer;
telling you about other products or services that may be of interest to you, or running competitions and other promotions (this can be via email, telephone, SMS, iM, mail, or any other electronic means including via social networking forums), unless you tell us not to;
identifying opportunities to improve our service to you and improving our service to you;
determining whether a beneficiary will be paid a benefit;
assisting in arrangements with other organisations (such as loyalty partners) in relation to a product or service we make available to you;
allowing us to run our business and perform administrative and operational tasks (such as training staff, risk management; developing and marketing products and services, undertaking planning, research and statistical analysis; and systems development and testing);
preventing or investigating any fraud or crime, or any suspected fraud or crime;
as required by law, regulation or codes binding us; and
for any purpose for which you have given your consent.
How we use your credit information
In addition to the ways for using personal information mentioned above, we may also use your credit information to:
enable a mortgage insurer or title insurer to assess the risk of providing insurance to us or to address our contractual arrangements with the insurer;
assess whether to accept a guarantor or the risk of a guarantor being unable to meet their obligations;
consider hardship requests; and
assess whether to securitise loans and to arrange the securitising of loans.
Who do we share your personal information with
To make sure we can meet your specific needs and for the purposes described in ‘How we use your personal information’, we sometimes need to share your personal information with others. We may share your information with other organisations for any purposes for which we use your information.
Sharing with the Group
We may share your personal information with other Group members. This could depend on the product or service you have applied for and the Group member you are dealing with, but will not differ from those purposes outlined above. Where appropriate we may integrate the information we hold across the NAB Group to provide us with a complete understanding of your product holdings and your needs.
Sharing at your request
We may need to share your personal information with:
your representative or any person acting on your behalf (for example, financial advisers, lawyers, settlement agents, accountants, executors, administrators, trustees, guardians, brokers or auditors); and
your referee such as your employer (to confirm details about you).
Sharing with Credit Reporting bodies
We may disclose information about you to a credit reporting body if you are applying for credit or you have obtained credit from us or if you guarantee or are considering guaranteeing the obligations of another person to us or you are a director of a company that is a loan applicant or borrower or guarantor. When we give your information to a credit reporting body, it may be included in reports that the credit reporting body gives other organisations (such as other lenders) to help them assess your credit worthiness.
Some of that information may reflect adversely on your credit worthiness, for example, if you fail to make payments or if you commit a serious credit infringement (like obtaining credit by fraud). That sort of information may affect your ability to get credit from other lenders.
Sharing with third parties
We may share your personal information with third parties outside of the Group, including:
those involved in providing, managing or administering your product or service;
authorised representatives of the Group who sell products or services on our behalf;
credit reporting bodies or other approved third parties who are authorised to assess the validity of identification information;
investment, superannuation and managed funds organisations, and their advisers and service provider, and if your insurance is held in super, to superannuation organisations and their advisers;
medical professionals, medical facilities or health authorities who verify any health information you may provide;
real estate agents, valuers, insurers (including lenders’ mortgage insurers and title insurers), re-insurers, claim assessors and investigators;
brokers or referrers who refer your application or business to us;
other financial institutions, such as banks;
organisations involved in debt collecting, including purchasers of debt;
fraud reporting agencies (including organisations that assist with fraud investigations and organisations established to identify, investigate and/or prevent any fraud, suspected fraud, crime, suspected crime, or misconduct of a serious nature);
organisations involved in surveying or registering a security property or which otherwise have an interest in such property;
real estate agents;
organisations we sponsor and loyalty program partners, including organisations the NAB Group has an arrangement with to jointly offer products or has an alliance with to share information for marketing purposes;
government or regulatory bodies (including the Australian Securities and Investments Commission and the Australian Tax Office) as required or authorised by law (in some instances these bodies may share it with relevant foreign authorities);
media or social networking sites that provide us with opportunities to place messages in front of you;
our accountants, auditors or lawyers and other external advisers;
rating agencies to the extent necessary to allow the rating agency to rate particular investments;
any party involved in securitising your facility, including re-insurers and underwriters, loan servicers, trust managers, trustees and security trustees;
guarantors and prospective guarantors of your facility;
organisations that maintain, review and develop our business systems, procedures and technology infrastructure, including testing or upgrading our computer systems;
organisations that participate with us in payments systems including merchants, payment organisations and organisations that produce cards, cheque books or statements for us;
our joint venture partners that conduct business with us;
organisations involved in a corporate re-organisation or transfer of Group assets or business;
organisations that assist with our product planning, analytics, research and development;
mailing houses and telemarketing agencies and media organisations who assist us to communicate with you;
other organisations involved in our normal business practices, including our agents and contractors as well as our accountants, auditors or lawyers and other external advisers; and
where you’ve given your consent.
Sharing outside of Australia
The Group runs its business in Australia and overseas.
AFSH Nominees, Advantedge Financial Services and Challenger Group entities do not share information about you with organisations outside Australia.
A Group member may need to share some of your information it collects from us about you (including credit information) with organisations outside Australia. Sometimes, they may need to ask you before this happens. You can view a list of the countries in which those overseas organisations are located at www.nab.com.au/overseas-countries-list/.
We may store your information in cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held. If your information is stored in this way, disclosures may occur in countries other than those listed.
Overseas organisations may be required to disclose information a Group member shares with them under a foreign law. In those instances, that Group member will not be responsible for that disclosure.
We will not share any of your credit information with a credit reporting body, unless it has a business operation in Australia. We are not likely to share credit information we obtain about you from a credit reporting body or that we derive from that information.
How do you access your personal information?
How you can generally access your information
We‘ll always give you access to your personal information unless there are certain legal reasons why we can’t. You can ask us in writing to access your personal information that we hold. In some cases we may be able to deal with your request over the phone. Our contact details are at the end of this policy.
We will give you access to your information in the form you want it where it’s reasonable and practical (such as a copy of a phone call you may have had with us – we can put it on a disk for you). We may charge you a small fee to cover our costs when giving you access, but we’ll always check with you first.
If we can’t give you access, we will tell you why in writing. If you have concerns, you can complain. See ‘Contact Us’.
How to access your credit eligibility information
Where you request access to credit information about you that we’ve got from credit reporting bodies (or based on that information),we will:
provide you access to the information within 30 days (unless unusual circumstances apply); and
ask you to check with credit reporting bodies what information they hold about you.
This is to ensure it is accurate and up-to-date.
We are not required to give you access to this information if:
it would be unlawful; or
it would be likely to harm the activities of an enforcement body (e.g. the police).
We may also restrict what we give you if it would harm the confidentiality of our commercial information.
If we can’t give you access, we will tell you why in writing. If you have concerns, you can complain to our external dispute resolution scheme, the Australian Financial Complaints Authority (AFCA) or the Office of the Australian Information Commissioner.
How do you correct your personal information?
Contact us if you think there is something wrong with the information we hold about you.
Our contact details are at the end of this policy. If you are worried that we have given incorrect information to others, you can ask us to tell them about the correction. We’ll try and help where we can - if we can’t, then we’ll let you know in writing.
Correcting your credit information
Whether we made the mistake or someone else made it, we are required to help you correct the information within 30 days. If we can’t make a correction in that timeframe, we will ask you for extra time. We also might need to talk to others in order to process your request. The most efficient way for you to make a correction request is to ask the organisation which made the mistake.
Whether we’re able to correct the information or not, we’ll let you know within five business days of deciding to do this. If we can’t we will provide reasons. We’ll also let the relevant third parties know as well as any others you tell us about. If there are any instances where we can’t do this, then we’ll let you know in writing. If you have any concerns, you can access the Credit and Investments Ombudsman service or make a complaint to the Office of the Australian Information Commissioner.
How do you make a complaint?
If you have a complaint about how we handle your personal information, we want to hear from you. You are always welcome to contact us.
You can contact us by using the details below:
The Privacy Officer
Advantedge Financial Services
101 Collins Street
Melbourne Vic 3000
If you subsequently feel that the issue has not been resolved to your satisfaction, you may contact:
the Australian Financial Complaints Authority (AFCA), the external dispute resolution scheme is a free service established to provide you with an independent mechanism to resolve financial services complaints:
What about complaints relating to credit information?
We will let you know how we will deal with your complaint within seven days.
If we can’t fix things within 30 days, we’ll let you know why and how long we think it will take. We will also ask you for an extension of time to fix the matter. If you have any concerns, you may complain to the Credit and Investments Ombudsman or the Office of the Australian Information Commissioner.
If your complaint relates to how we handled your access and correction requestsyou may take your complaint directly to the Credit and Investments Ombudsman or the Office of the Australian Information Commissioner. You are not required to let us try to fix it first.
As outlined above, if you apply for credit or have a credit facility with us, we may give your personal information to one or more credit reporting bodies. The contact details of the credit reporting bodies we may use are outlined below. Each credit reporting body has a credit reporting policy about how they handle your information. You can obtain copies of these policies at their websites.
Mail: Consumer Support Experian Australia, P.O. Box 1969, North Sydney, NSW, 2060
Contact credit reporting bodies if you think you have been the victim of a fraud
If you believe that you have been or are likely to be the victim of fraud (including identity fraud), you can request a credit reporting body not to use or disclose the information they hold about you. If you do this, the credit reporting body mustn't use or disclose the information during an initial 21 day period without your consent (unless the use or disclosure is required by law).This is known as a ban period.
If, after the initial 21 day ban period, the credit reporting body believes on reasonable grounds that you continue to be or are likely to be the victim of fraud, the credit reporting body must extend the ban period as they think reasonable in the circumstances. The credit reporting body must give you a written notice of the extension.
Contact credit reporting bodies if you don’t want your information used by them for direct marketing/pre screening purposes.
Credit reporting bodies can use the personal information about you that they collect for a prescreening assessment at the request of a credit provider unless you ask them not to. A pre screening assessment is an assessment of individuals to see if they satisfy particular eligibility requirements of a credit provider to receive direct marketing. You have the right to contact a credit reporting body to say that you don't want your information used in prescreening assessments. If you do this, the credit reporting body must not use your information for that purpose.
What if you want to interact with us anonymously or use a pseudonym?
If you have general enquiry type questions, you can choose to do this anonymously or use a pseudonym. We might not always be able to interact with you this way however as we are often governed by strict regulations that require us to know who we’re dealing with.
This Policy may change. We will let you know of any changes to this Policy by posting a notification on our website. Any information collected after an amended privacy statement has been posted on the site, will be subject to that amended privacy statement. In addition, over the course of our relationship with you, we may tell you more about how we handle your information. This could be when you complete an application or form, or receive important disclosure documents from us, such as terms and conditions. We recommend that you review these statements too as they may have more specific detail for your particular product.
We care about what you think. Please contact us if you have any questions or comments about our privacy policies and procedures. We welcome your feedback.
 Consumer credit is credit that is intended to be used wholly or primarily:
for personal, family or household purposes; or
to acquire, maintain, renovate or improve residential property for investment purposes or to refinance credit for any of these purposes.
 Consumer credit liability information and repayment history information: These information types can only be provided to credit reporting bodies on and after 12 March 2014 in connection with a consumer credit facility.
 Sensitive information is information about a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record, health information, genetic or biometric information.