People First is the way we do business
At Heritage, we do things a little differently to the big banks. We are owned by our customers, not shareholders, so our focus is always on putting People first rather than maximising profits. In everything we do, we put People first.
What personal information do we collect?
Personal information is information or opinion about you that may identify you or by which your identity may be reasonably determined. The types of personal information that Heritage collects and holds may include the following information about customers, potential customers, and associated persons (such as guarantors) which is relevant to our relationship with that person.
- General information such as an individual’s name, contact details (including postal address, email address and telephone numbers ) date of birth, financial details such as income, savings and lending history and expenses or tax file number, gender, marital status and the reason a person might be applying for a financial product from us.
- “Sensitive information” such as information about an individual’s health, religious beliefs, race or ethnic origin. If there are circumstances where we need to collect or disclose sensitive information we will ask for your consent (unless required or permitted by law).
- “Credit information” which includes identification information, employment history, consumer credit liability information, repayment history information, credit enquiry, type of credit sought, default information, court proceedings and personal insolvency information, publicly available information that relates to the individual’s credit worthiness and information about a serious credit infringement. We will hold all of this information about an applicant for credit, a guarantor, or related person (for example, a director of a company which has applied for credit).
- “Credit eligibility information” which means information that has been obtained from a CRB (e.g. a consumer credit report), or personal information that has been derived from that information, that is about an individual’s consumer credit worthiness. The kind of information we might derive from an individual’s consumer credit report includes a credit assessment relating to the individual, an unsuitability assessment, relating to the individual and any internal credit scores.
Why do we collect your personal information?
We will only ask for personal information (including credit information and credit eligibility information) relevant to our business relationship with you and we will tell you why we are asking for it when we collect it. If you do not provide some of your personal information, we may not be able to provide you with some of our products or services or we may be required to restrict operation of a financial product.
Personal information may be collected from you:
- to check your eligibility for or to provide you or some related person (for example, a person you are acting as guarantor for, or a company you are a director of) with financial products or services;
- (unless you ask us not to) to send you information about products or services offered by Heritage or those provided by third parties that may be of interest to you;
- to assist you with your enquiries or concerns;
- to verify your identity and undertake customer due diligence;
- for research, training, product development, risk assessment, risk modelling and marketing requirements; and
- for any other purpose required or authorised by law.
If you have a credit facility with us or are a guarantor we may also collect your information for the purpose of collecting overdue payments relating to credit you owe or a guarantee you have given and for our internal management purposes related to credit provided.
We may also ask for your personal information because we are obliged to collect it under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, which requires us to ask you for information to check your identity (for instance, by referring to your driver’s licence, birth certificate or passport).
The National Consumer Credit Protection Act 2009 also requires us to make reasonable enquiries when you apply for credit or a credit limit increase.
We may collect your TFN in order to calculate our withholding obligations as authorised by the Taxation Administration Act 1953 and the Income Tax Assessment Act 1936. You are not required to provide your TFN, however if you do not, we may be required to withhold amounts from you and remit them to the Australian Taxation Office.
How do we collect your personal information?
We collect most personal information directly from you. We may do this when you apply to become a customer, complete an application for one of our products and services, deal with us over the telephone, communicate by post or electronically (such as via email or SMS), through mobile or tablet applications, visiting our website or our branches (including our community branches).
We may monitor and/or preserve telephone calls, postal or email transmissions for the purpose of staff training, quality assurance, security reasons, to verify statements made and to assist with our dispute resolution process.
The technology “cookies” may be used to collect statistical information on our website or online banking. Cookies may also be used for other purposes which help us further enhance our service such as collecting preferences, geographical information and to auto populate. You are able to use your browser settings to manage cookies including preventing the acceptance of some or all cookies. For more information on adjusting browser settings and system requirements please see our website heritage.com.au. If personal information about you is collected by third parties on any website you have accessed through our websites, we may also collect or have access to that information as part of our arrangement with those third parties.
Sometimes, such as where we need to verify your identity, undertake customer due diligence, prevent or detect money laundering or terrorist financing and where we are required or authorised by law we may need to obtain personal information (including credit information and credit eligibility information) about you from a third party. These parties may include banks, financial advisers, family members, your employer, medical practitioners, CRBs, government authorities and publicly available sources of information.
How do we store and protect your personal information?
We store your personal information (including credit information and credit eligibility information) in a number of ways including:
This may include storage on our behalf by trusted third party service providers.
- in computer systems or databases;
- in hard copy or paper files; and
- in telephone recordings.
The security of your personal information is important to us and we take all reasonable precautions to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. Some of the ways we do this are:
Additional information about the security systems we employ is available at heritage.com.au.
- confidentiality requirements of our employees
- document storage security policies
- returning documents to you or destroying data when no longer required in a secure manner or by de-identifying
- security measures including passwords for access to our systems
- only giving access to personal information to a person who is verified to be able to receive that information
- having confidential face-to-face discussions between you and us in a secure environment
- control of access to our buildings, and
- electronic security systems, such as firewalls, virus software and data encryption on our websites.
Whilst we take all reasonable measures, no data transmission over the internet can be guaranteed to be totally secure.
To assist us we expect you to take appropriate steps to ensure security of your information including keeping your access passwords confidential, destroying any documentation we send to you containing your access passwords and logging out properly when you leave your computer.
Do we disclose your personal information to third parties?
We may disclose your personal information (including credit information and credit eligibility information) to third parties where they help us with our business, or you consent to do so. Where your personal information is disclosed to third parties, we will seek to ensure that the information is held, used or disclosed consistently with the Australian Privacy Principles in Part IIIA of the Privacy Act 1988 and the CR Code.
Types of third parties include:
- parties involved in providing, managing or administering your products or services and assisting us with our business such as third party suppliers, printers, bulk mail services, statement production providers, market research companies, authorised representatives and our legal, tax, audit and accountancy advisers and market research companies;
- parties maintaining, reviewing and developing our business systems, procedures and infrastructure including updating and maintaining our data, testing or upgrading our computer systems;
- alliance partners, for example, where you have a co-branded product such as the Heritage Visa credit card;
- advisers or agents which may include lawyers, mortgage brokers, real estate agents, financial advisers, insurance companies, executors, administrators, trustees or attorneys;
- CRBs, debt collecting agencies, document verification services, your guarantors, organisations involved in valuing, surveying, insuring or registering a security property;
- lenders mortgage insurers (if insurance is required because the amount you borrow exceeds a certain percentage of the property’s value as insured by Heritage);
- parties involved in what is known as “securitisation”, under which we sell a pool of home loans. These third parties include trustees of securitisation arrangements, lenders motgage insurers, investors and their advisers;
- other financial institutions, merchants and payment organisations; and
- the Financial Ombudsman Service and the Superannuation Complaints Tribunal.
We may also disclose your personal information (including credit information and credit eligibility information) to third parties in circumstances where:
- we must fulfill our legal obligations (for example, disclosure to Australian (and international) enforcement bodies such as the Australian Securities and Investments Commission (ASIC), the Australian Taxation Office (ATO), the Australian Transaction Reports and Analysis Centre (AUSTRAC), Centrelink or the Courts) or where you are under 16 or have special needs we may share your information with your parent, legal guardian or any person appointed to manage your affairs;
- it is in the public interest (that is, to protect our interests or where we have a duty to the public to disclose, or where it is necessary in proceedings before a court or tribunal) and where a crime or fraud is committed or is suspected; or
- it can be reasonably inferred from the circumstances that you consent to your personal information being disclosed to a third party.
Your personal information may be sent outside Australia where, for example:
- you have requested or consented that we send your personal information;
- we outsource a function or service to an overseas contractor with whom we have a contractual arrangement; and
- it is necessary to investigate or facilitate a transaction on your behalf.
We will not send your personal information outside Australia unless it is authorised by law and we are satisfied that the recipient of the personal information has adequate data protection arrangements in place. Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.
The countries to which we are likely to disclose your personal information include New Zealand, Singapore, India, China, United Kingdom, France, Phillipines, Germany and the US.
How can you access, update or correct your personal information?
You may request access to your personal information (including credit information and credit eligibility information) at any time. Prior to providing you with access to your information we may require you to establish your identity. We are able to deny access to some or all of your personal information in specified circumstances but will provide the reasons in writing. If you request access to personal information that has been archived, we may charge you a fee but will advise you first.
It is important that you advise us as soon as possible if there is a change to your personal information that needs updating. If you have new contact details (such as postal address, email address or telephone numbers) you should let us know immediately. You may request that we correct any personal information (including credit information and credit eligibility information) we hold about you at any time. If your request relates to credit related information provided by others, we may need to consult with credit reporting bodies or other credit providers.
You can access, update or request a correction to your personal information by:
- visiting one of our branches
- telephoning our Privacy Officer or Contact Centre on 13 14 22
- emailing email@example.com
- visiting heritage.com.au
- writing to The Privacy Officer, Heritage Bank, Limited, PO Box 190 Toowoomba Queensland 4350
If you have any concerns or wish to make a complaint regarding the handling of your personal information, please contact us in any of the following ways:
In Person: at one of our branches
Mail: The Privacy Officer
Heritage Bank Limited
PO Box 190 Toowoomba Queensland 4350
Telephone: 13 14 22
Email: firstname.lastname@example.org or email@example.com or
Go to our website heritage.com.au and click on “contact us” then use the “feedback/enquiries”.
Complaints regarding privacy are referred directly to Heritage’s Privacy Officer and are dealt with in accordance with our Internal Customer Disputes Resolution Process. Information about this process can be found on our website at heritage.com.au or by contacting us using one of the methods above.
We will inform you of the progress of your complaint and let you know how long we expect it will take.
Heritage will acknowledge any specific credit reporting breaches or complaints within 7 days of receipt. Unless there are exceptional circumstances involved in the resolution process, any investigation will be resolved within 30 days of receiving your complaint.
If when the dispute resolution process has been concluded we are unable to resolve your complaint to your satisfaction, you have the option to escalate the complaint to our external dispute resolution service:
The Financial Ombudsman Service (FOS)
GPO Box 3
Melbourne, Victoria, 3001
Ph: 1800 367 287 Fax: 03 9613 6399
You may also obtain further information about privacy or refer a privacy complaint by contacting:
The Office of the Australian Information Commissioner
GPO Box 5218
Sydney, New South Wales, 2001,
Ph: 1300 363 992