Privacy Policy
Updated: 20 August 2024
Download our Privacy Policy here or read below
RSL Money is a business name of Australian Military Bank Ltd ABN 48 087 649 741 (we, us, our). At Australian Military Bank, we value your trust in us as a member-owned bank.
We are bound by the Privacy Act 1988 (Cth) (Privacy Act), including both Part IIIA (which relates specifically to credit reporting) and the Australian Privacy Principles in Schedule 1 of the Privacy Act, as well as the Privacy (Credit Reporting) Code 2014 (Cth) (Credit Reporting Code).
This Privacy Policy outlines how we handle personal information, including sensitive information and credit information or credit eligibility information. This Privacy Policy incorporates both our privacy policy and our credit reporting policy. This Privacy Policy applies in respect of all of our products and services, including, but not limited to, our RSL Money products and services.
1. Collecting and holding personal information
1.1 Personal information we collect and hold
Personal information is defined in the Privacy Act, and this Privacy Policy, as information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not the information or opinion is true or recorded in a material form. It includes sensitive information (see section 1.2) and credit information or credit eligibility information (see section 1.3).
We will only collect and hold personal information that is related to our providing, or arranging others to provide, products and services to you or which is otherwise related to our business or our potential employment relationship with you. If it is reasonable and practical to do so, we will collect your personal information directly from you. In certain circumstances, we may also collect your personal information from third parties, as explained in this Privacy Policy.
We may collect personal information directly from you in a number of ways, such as when you apply for or use our products and services, when we assess whether to accept a guarantee or other form of credit support from you, when you apply for employment with us, when you contact us and when you use our website located at https://www.australianmilitarybank.com.au/ (Site), including the features on the Site such as our calculator tools.
We may collect the following types of personal information from you:
- name and residential address, date of birth and contact details;
- identification information, including identification information necessary to satisfy legal requirements such as drivers licence or passport details;
- PayID, PayID Name and account details;
- account transaction history;
- credit information or credit eligibility information which we are able to collect directly from you (see section 1.3);
- details of your contact with us, including telephone call recordings, emails and notes on our system;
- the locations where you use our website, mobile applications or access our electronic services;
- employment and former employment details;
- educational qualifications;
- your tax file number;
- facial images which may be captured by CCTV cameras in branch and on ATM’s and also from our third party provider IDVerse for the purpose of customer identification verification requirements
- passwords, passcodes and secret question used to confirm your authorisation of a transaction; and
- information about your financial position.
We may collect the following types of personal information about you from third parties:
- credit reports from credit reporting bodies and other credit information or credit eligibility information from other credit providers or third parties (see section 1.3 below);
- personal, including financial, information from brokers;
- references from any referees you nominate;
- employment information from your employer(s) or former employer(s); and
- information that is publicly available, including from court documents and public registers.
If we do not obtain the personal information about you referred to in this Privacy Policy we may not be able to provide you with the services or products that you have requested, to consider any application from you such as an employment application, or to otherwise conduct business with you.
Our Consumer Data Right (CDR) Policy outlines we deal with your CDR data, how you can access and correct your CDR data, and how you can make an enquiry or complaint under the CDR regime. For more information about CDR, see our CDR Policy here.
1.2 Sensitive Information
The personal information we collect about you may include personal information that is sensitive information. Sensitive information is defined in the Privacy Act and this Privacy Policy to include information about an individual’s health, membership of a professional or trade association or a trade union, any criminal record and other information that is particularly sensitive. We will only collect your sensitive information if:
- you have given consent to us to do so and the information is reasonably necessary for us to carry out our functions or activities;
- the use of this information is required or authorised under Australian law or a court or tribunal order; or
- the information is necessary for the establishment, exercise or defence of a legal or equitable claim or for the purposes of a confidential alternative dispute resolution process.
If your sensitive information is directly provided by you to us on the basis that we may hold, use and disclose that sensitive information in accordance with this Privacy Policy, you will be treated as having consented to its collection.
1.3 Credit information or credit eligibility information
Credit information or credit eligibility information is defined in this Privacy Policy to mean personal information (other than sensitive information) that is collected in connection with an application for credit or a credit facility, such as a loan, and that relates to your creditworthiness and credit history. Credit information or credit eligibility information collected in this context also includes identification information. As credit information or credit eligibility is personal information, the provisions of this Privacy Policy apply to your credit information. However there are some additional provisions that apply only to credit information that are set out in section 5.
The types of credit information or credit eligibility information we collect about you (whether from you or a third party) are:
- your identification information, including identification information listed in section 1.1 and former addresses;
- details of your current and previous loans or other forms of credit and previous credit applications, including your repayment history;
- any information that we may obtain from a credit reporting body, including any credit score for you determined by a credit reporting body based on the information that it holds (the credit reporting bodies that we work with are set out below as is further information regarding the information we obtain from such bodies);
- information relating to your solvency, including information relating to defaults under any credit arrangement and any court judgement relating to your credit and records relating to your bankruptcy or insolvency (if any);
- information regarding any serious fraud relating to your credit; and
- any publicly available information that relates to your creditworthiness.
We may determine a credit score for you based on the credit information that we collect about you. That is also your credit information.
The credit reporting body we work with is: Equifax.
The types of credit information or credit eligibility information we collect from credit reporting bodies includes your credit score, your credit default information, records of other lenders asking any credit reporting body for your information, information about your previous credit history, including repayment history and any other information regarding your credit that a credit reporting body may provide to us.
The contact details for each credit reporting body we work with are set out below. Each of these credit reporting bodies has a credit reporting policy that sets out how they deal with your personal information, which is available from that body’s website.
Equifax
- Website: equifax.com.au
- Phone: 138 332
2. Use and disclosure of personal information
2.1 Why we collect, hold, use and disclose personal information
We collect, hold, use and disclose your personal information for the purpose of providing our products and services to you or otherwise in connection with our business or potential employment relationship with you. In particular, we collect, hold, use and disclose your personal information to:
- confirm or verify your identity;
- assess your eligibility to become a member;
- if you become a member, for our register of members;
- assess and process your applications for products and services, including applications for credit and, if applicable, to assess your eligibility for the Australian Government’s First Home Loan Deposit Scheme;
- assess any proposal for you to provide any guarantee or other credit support to us;
- provide our products and services to you and to manage our relationship with you;
- process payments, charging and billing;
- design, manage and price our membership benefits, services and products;
- marketing purposes, as described in section 2.2;
- conduct market and demographic research in relation to the products and services our members acquire from us;
- minimise risks and identify or investigate fraud and other illegal activities;
- recover any amounts owing by you to us;
- comply with our legal obligations and assist government and law enforcement agencies;
- assess your employment application (if any);
- otherwise manage our business; and
- any other purposes that you may approve from time to time.
2.2 Direct marketing
We may use your personal information to send you information about us and our products and services that we believe may interest you. This includes, where permitted by law (including, for the avoidance of doubt, the Corporations Act 2001 (Cth) (Corporations Act) and the Australian Securities and Investments Commission Act 2001 (Cth)) sending you information about new developments, products, services and special offers by post, telephone, SMS or any form of electronic communication, such as email. We will only send you this information if you have consented to receive it.
You may, at any time, opt out of receiving such direct marketing material by contacting our Privacy Officer (see section 4) or by using the opt out facilities provided in the marketing communications. Even if you opt out of receiving direct marketing material, we will still send you essential information that we are legally required to send you relating to the products and services we provide to you.
2.3 Who we disclose your personal information to
We may disclose your personal information to the following, provided that this is not prohibited under the Privacy Act or the Credit Reporting Code:
- credit reporting bodies;
- other credit providers or financial institutions, for example, when you apply for a loan from another credit provider and you agree to us providing information;
- our cyber and IT security contractors to minimise risks (including for fraud) and block suspicious behaviour using our IT systems;
- clearing and payment providers;
- service providers (including credit card scheme providers) who we engage to provide products or services to our members, including to enable those providers to provide information to you about their products and services;
- trustees and managers of our securitised credit programs;
- entities that have bought or otherwise obtained an interest in your credit products, or that are considering doing so, and their professional advisors;
- our other contractors and third parties we do business with, including data processors, entities that verify identity, card production providers, marketing firms, property valuers, cloud services and other IT services providers, debt collection agencies, lawyers, process servers, mortgage documentation services, auditors and insurers (including property insurers and lender mortgage insurance insurers);
- lawyers, conveyancers, accountants, brokers, advisers and agents advising you and (if applicable) your superannuation fund;
- any guarantor or proposed guarantor of any credit we provide to you;
- persons you use as referees;
- other people (e.g. cardholders) authorised to access or use any of your accounts;
- in respect of any loans made to you that are guaranteed by the Housing Australia (HA) as part of the First Home Loan Deposit Scheme – the HA or the Commonwealth of Australia, if necessary to meet the requirements of that Scheme;
- State or Territory authorities that give assistance to facilitate the provision of home loans to individuals, if necessary to meet the requirements of those authorities;
- law enforcement, regulatory bodies and government agencies as required by law or where otherwise required by law; and
-
any other persons that you may approve from time to time.
3. Personal information security
3.1 How we hold and protect your personal information
We hold your personal information in our systems, databases and archives as well as on cloud-based servers under contractual arrangements with third parties.
We, and our third party suppliers, have security systems in place to guard against unauthorised access, use or disclosure of your personal information, for example we encrypt any data containing your personal information which we transmit via the internet. We also train our staff to handle and manage personal information in a secure and confidential manner. We limit access by our employees to your personal information to circumstances where that access is necessary to allow them to perform their role.
Although we take reasonable measures to guard against interference, we cannot guarantee the security of personal information which is transmitted over the internet.
Our security measures are designed to ensure your personal information is not subject to unauthorised access, loss or misuse. If you reasonably believe that there has been unauthorised use or disclosure of your personal information please contact our Privacy Officer (see section 4).
3.2 What happens when we no longer need your personal information?
We will only keep your personal information for as long as we require it for our purposes. If we no longer require it, we will destroy or de-identify it unless we are required by law to keep it. We are required to keep some of your personal information for certain periods of time under law, such as the Corporations Act, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and the Financial Transaction Reports Act 1988 (Cth).
3.3 Disclosure to third parties and overseas recipients
We currently do not disclose your personal information overseas. However, if we were to disclose this information outside Australia in the future, we will do so on the basis that the information will be used only for the purposes and subject to the security provisions set out in this Privacy Policy in relation to protection of your personal information.
Where we have collected your personal information on behalf of another party (for example, where we are an agent for another product issuer) or we have disclosed your information to a third party at the request of a service provider nominated by you, the use of your personal information by that party is governed by their privacy policy. You should contact them to understand how they might use your personal information.
4. How you can access and/or correct your personal information
You can request access to your personal information at any time by contacting our Privacy Officer.
The contact details for our Privacy Officer are:
- Telephone: 1300 13 23 28
- Email: privacy@australianmilitarybank.com.au
- Address: PO Box H151, Australia Square NSW 1215
We will not charge you to consider a request for access to your personal information but we may charge a document retrieval fee to cover the reasonable costs of retrieving and making copies of your personal information. We will disclose the estimated costs when you make the request. Before we can give you access, we will need to confirm your identity. If you request access to credit reporting information about you that we have obtained from a credit reporting body, we will also advise you to request that the credit reporting body provides access to the credit reporting information it holds about you.
While we will generally provide you with access to your personal information within 30 days of receiving your request, there may be circumstances where we may refuse access to certain personal information (such as where providing that personal information would interfere with another’s privacy). We will give you notice explaining our decision if we are unable to provide you with access.
We take reasonable steps to make sure the personal information that we collect, use or disclose is accurate, complete and up-to-date. However, if you believe your personal information that we hold is incorrect, incomplete or not current, or that it is misleading or irrelevant, you can request that we correct that personal information. If we cannot determine whether the personal information requires correction without consulting with a credit reporting body or another credit provider, we may undertake that consultation before making a determination. We will correct your personal information, or notify you that we have determined no correction is required (and we will provide reasons for that determination), within a reasonable time period and will take reasonable steps to do so within 30 days of receiving a request from you and otherwise within the time periods required by the Credit Reporting Code.
5. Credit reporting bodies
Credit reporting bodies may use your credit reporting information to pre-screen you for direct marketing for credit providers, such as us. You have the right to ask any credit reporting body not to use your credit reporting information for pre-screening purposes. You need to contact each credit reporting body directly and make the request (see section 1.3 for contact details of the credit reporting bodies we work with).
If you believe you have been or are likely to be the victim of fraud, you may request a credit reporting body not to use or disclose the information that they hold about you. If such a notification occurs, that credit reporting body must then not use or disclose the information during a 21 day period (referred to as a ban period) without your consent unless it is required by law. If, on the expiry of that ban period, the credit reporting body believes on reasonable grounds that you are still, or are still likely to be, the victim of fraud, that credit reporting body must extend the ban period for a further period that it considers is reasonable in the circumstances. That credit reporting body must give you a written notice of the extension. You may not be able to access credit during any ban period.
If we provide your personal information to any credit reporting body, it may include it in reports provided to other credit providers. Some of your personal information that we may provide to a credit reporting body or bodies may reflect adversely on your credit worthiness, for example, if you do not make payments to us when they are due or you have undertaken fraud in relation to a credit facility. This may affect your ability to obtain credit from other credit providers in future.
6. Changes to the Privacy Policy
We may make changes to this Privacy Policy from time to time (without notice to you) that are necessary for our business requirements or the law. Our current Privacy Policy is available on our website. Any changes will take effect from the time the updated Privacy Policy is made available on our website. You should check this Privacy Policy regularly so that you are aware of any changes made to this Privacy Policy.
7. Making a complaint
You may make a complaint to us if you consider that we have not complied with this Policy, the relevant provisions of the Privacy Act (including Part IIIA or the Australian Privacy Principles) or the Credit Reporting Code by contacting our Privacy Officer (see section 4).
We will deal with your complaint under our internal dispute resolution procedure. We will give you a copy of our Complaints Handling & Dispute Resolution Guide when you make your complaint.
- Phone: 1300 13 23 28 from Australia or +61 2 9240 4122 from overseas (8am - 6pm, Monday to Friday, Sydney time)
- Email: complaints@australianmilitarybank.com.au
- Visit: your local branch
- Mail: Reply Paid 151, Australia Square NSW 1214
If you are not satisfied with how we handled your complaint you can take the matter to the Australian Financial Complaints Authority (AFCA). AFCA offers a free independent dispute resolution service. Alternatively, you can contact the Office of the Australian Information Commissioner (OAIC). Details to contact AFCA and the OAIC are set out below.
Australian Financial Complaints Authority
- Website: afca.org.au
- Phone: 1800 931 678
- Email: info@afca.org.au
- Mail: GPO Box 3, Melbourne VIC 3001
Office of the Australian Information Commissioner
- Website: oaic.gov.au
- Phone: 1300 363 992
- Mail: GPO Box 5218 Sydney NSW 2001