ME Bank Privacy Policy

About ME

In this policy:
‘ME’, ‘we’, ‘us’ or ‘our’ means ME Bank – a division of Bank of Queensland Limited ABN 32 009 656 740 AFSL and Australian Credit Licence Number 244616. BOQ Group means Bank of Queensland and its related companies.

Every Australian deserves to get the most out of their money – and ME is here to help them do it. But you also deserve to have your personal information protected, which is why we have this Privacy and Credit Reporting Policy – a document that outlines exactly how we collect, store and use the personal information and credit information that you give us, and create biometric information from information sourced from vendors as well as your installed application information for the purpose of risk profiling. This policy also describes how you can access or correct information about you and how to make a complaint.

Protecting your privacy involves more than just our own approach. We work with a carefully selected group of third parties including service providers, alliance partners, insurers, credit card companies, mortgage aggregators, brokers, retailers and technology and data companies. All of them help us deliver the services we give to you – but because our work with them can involve us sharing your personal information with them, this policy is also about how and when we share that information.

By interacting with us you consent to the collection, holding, use and disclosure of your personal information and biometric information in the ways we have referred to in this Privacy and Credit Reporting Policy.

Our commitment

We collect your personal and credit information so we can offer you the best possible banking experience.

We know it’s important that we handle your details carefully, responsibly and securely. You’ve entrusted us with your personal information and we’ll do everything we can to justify that trust.

Plus, we’re committed to complying with legislation like the Privacy Act (including the Australian Privacy Principles, Credit Reporting and mandatory data breach notification) and the Privacy (Credit Reporting) Code, which lay out how we should treat your personal information.

Definitions

Personal information

Is information or an opinion about an individual or someone who can be reasonably identified from that information including things like name, address, email address, date of birth, tax file number (TFN), driver’s licence number.

Installed Application Information

Means information about the applications a user has installed on their device, including the app name, package, installed date and app permissions.

Biometric information

Means a type of information that is distinct from personal information and is used for security or authentication purposes. It can include various attributes such as facial features, liveliness, behavioural patterns or cognitive analysis.

Credit information

When we talk about ‘credit information’ in this policy, this includes:

• information about your past experience with us or other lenders
• credit worthiness information
• the kinds of credit products you have or have applied for
• how you have managed your obligations
• information we get from credit reporting bodies in a credit report

Sensitive information

Sometimes we might need to collect sensitive personal information including biometric data (e.g. signature, call recordings), criminal history, trade union membership, health information if relevant (e.g. if you ask for hardship assistance due to illness), nationality, racial or ethnic origin (e.g. we may ask you what language you speak if you request a translator). We’ll only do this with your permission or when we’re required by law.

The information we collect and hold

From you

ME collects and holds your personal information so we can provide you with our products and services. Some of the information we collect is because we’re required to do so by law and most of the information will be collected directly from you or when it is provided to us with your authority. We’ll tell you the main reasons for collecting your personal information when we ask for it. This could include things like:

• your full name and contact details
• information that can identify you, including date of birth, driver’s licence number, TFN,
• passport details and residence status
• income and other financial and transaction information
• bank account and credit card details
• responses to market research surveys or competition entries
• your superannuation information

As you interact with us over time, we may also collect and hold additional personal information, including when you use your account, call, email or sms, use live chat or our website or mobile app, dealing with a complaint or enquiry about your products or services.

You may also choose to share full name, mobile number & email address information for specific contacts from your mobile devices contacts list when you use our mobile app. This information will be used to add new payee details to make adding a payee easier

We understand personal and life events may result in unexpected changes to your financial situation. For example, a relationship breakdown or a death in the family, when impacted by an emergency event or natural disaster or an illness or losing your job. So we can support you during these times, including when we are managing a hardship application, we may ask you to provide personal information related to your personal circumstances.

We may also create behavioral biometric information derived from the information sourced from you and our vendors. We may also collect your installed application information to help prevent financial crime.

Where relevant for credit accounts, we may also collect:

• marital status and number of dependents
• credit information (see section headed credit information below for more details)
• income and expense details
• details of council rate notices, contracts of sale and property insurance

In some cases you might need to give us personal information about other people – such as when you have an authorised representative. In those situations we’re relying on you to tell those people that you’re giving us their details, and to let them know about this policy.

From others

There are some cases where we might collect personal and/or credit information about you from members in the BOQ Group or other people or organisations such as our alliance partners, service providers, agents, advisors, brokers, other credit providers, employers or your family members.

For example, if you apply for a credit card or a loan we might need to ask a credit reporting body for your credit report or conduct a property valuation. We may also collect financial and transaction information from other financial institutions either directly or through you and/or a third party service provider.

We may use information we receive about you from our alliance partners such as insurers, to help us identify and tell you about products and services that may be of interest to you and for administrative purposes.

We might also collect information when you use our online banking services, visit our website, or use our mobile app, including things like your location, IP address and your activity on our sites. You can find out more about the kind of information we store under the online data collection section.

Sometimes we might collect information about you that’s publicly available – for example, from things like social media, telephone directories or public registers e.g. Australian Securities and Investments Commission (ASIC), Australian Business Register (ABR).

We’ll only collect information in this way if it is impractical to collect it directly from you, or when we’re permitted to do so.

When authorised or required by law

There are laws which require us to collect and/or share information. For example, under the Anti- Money Laundering law ME is obligated to collect your information and verify your identity from particular documents (e.g. passport, driver’s licence, birth certificate).

We must also fulfil our legal obligations to Australian and overseas enforcement bodies including Australian Transaction Reports and Analysis Centre (AUSTRAC).

We may collect your TFN when you open a deposit account and although it’s not compulsory to provide it, if you choose not to, we may deduct withholding tax from your interest payments at the highest marginal rate.

We may also ask you about your taxation residency status. If you’re a tax resident of another country we may need to collect your relevant foreign tax identification number. Sometimes, we may also be required to share some of your personal information with the Australian Taxation Office, who may exchange this information with tax authorities in other countries in accordance with intergovernmental agreements.

When applying for credit, the National Consumer Credit Protection Act requires ME to make inquiries about your financial commitments, income and liabilities, so we can make an informed decision when assessing your application.

When we get information we didn’t ask for

Sometimes we get given personal information that we haven’t asked for. If we think this information is needed we’ll keep it securely, just like the rest of your details. Otherwise, we’ll destroy or de-identify it.

How we use your information

Generally, we’ll use (and sometimes share) your personal information to manage your accounts and improve the service you get.

Here are some of the specific things we use and share your personal information for:

• verifying your identity or your authority to act on behalf of a customer
• establish your tax status under any Australian or foreign law
• assessing your applications for products or services
• delivering our products and services
• protecting your accounts by preventing or investigating actual or suspected fraud or crime,
• as well as improving the systems we use to do this
• assisting with your questions or complaints and/or manage any legal action between you and ME
• reviewing customer feedback and assessing how you use our products and services
• monitoring and reviewing call recordings, online chats and other business activity for quality
• assurance, training and compliance purposes
• internal operations, such as account and risk management, record keeping and auditing
• customer relations including managing our relationship with you, and market or customer
• satisfaction research and product development
• if you are a member of, or you have a product with members of the BOQ Group or any alliance partner, we may use your information for the purpose of providing benefits to you or to obtain aggregate information for statistical or research purposes
• marketing products and services which may include pre-screening assessments by a third party
• reporting and data analytics, including for regulatory, management, fraud detection and research purposes
• developing and testing our technology systems
• collecting overdue payments
• supporting financial activities, like payments and securitisation
• complying with relevant laws, regulations, codes of practice and external payment systems
• for any purpose where you have given consent
• profiles using installed application information for the purpose of improving customer experience and security measures

How we use your information for direct marketing

We’re coming up with new products and services all the time, and we’ll use your personal information to offer you products and services that we think you might be interested in. Also, we may disclose your personal information to members within the BOQ Group or to an alliance partner with which we have arrangements so they may help to provide services, or contact you about other products or services that you may be interested in.

There are a few different ways these offers might be made, including by phone, direct mail, email, SMS, social media or targeted advertising through our mobile app or website or other websites. We may market our products and services to you even after you leave us. If you don’t want us to make these offers, get in touch to let us know.

When applicable, you can unsubscribe from electronic marketing that ME, BOQ Group members or our alliance partner organisations send you, by using the applicable ‘unsubscribe’ functionality. When you subscribe to something specific, like a newsletter, these subscriptions are managed separately. If you no longer wish to receive a communication, click the unsubscribe link in the emails.

When we market to our prospective customers we are happy to let them know how we obtained their information and to provide a simple way to opt out.

Sharing your personal information

We may share your personal information with members of the BOQ Group to establish and administer your accounts and when dealing with complaints.

There are some situations in which we’ll share your information, including biometric information and installed application information, with another organisation or person, including when you have given consent or at your request.

Rest assured we only share information with third parties that we believe have the proper systems in place to look after your personal information.

Here are some of the kinds of organisations we might share your personal information with:

Verification services:

• identity verification service providers

General service providers:

• companies involved in providing, managing or administering our products or services such as mailing houses, data processors, researchers and marketing organisations
• security and information technology companies that provide or maintain the systems and services we use
• mortgage insurers, claim assessors or investigators
• product planning, research and analysis agencies
• e-Conveyancing platform providers
• payment system operators, like MasterCard® and digital wallet providers, where you add your card to a digital wallet
• loyalty program partners
• organisations surveying or registering security properties
• debt recovery agencies and debt purchasers

Advisers:

• external advisers such as valuers, lawyers or auditors

Government and regulatory bodies:

• government and regulatory bodies, as required by law
• external complaint resolution bodies

Financial service providers and alliance partners:

• any person or body in connection with loan securitisation arrangements
• credit reporting bodies
• alliance partners
• other financial institutions or credit providers

Financial crime prevention:

• law enforcement agencies
• fraud prevention service providers
• credit providers

Your representatives and guarantors:

• your authorised representatives or advisers
• people acting on your behalf, such as brokers, advisers, parents, guardians, trustees or people holding power of attorney
• guarantors, including prospective guarantors

Home loan customers

If you’re a home loan customer who requires mortgage insurance, we might share your personal information and credit information with one of the following mortgage insurers:

Helia Group Limited

Post: GPO Box 3952
Sydney NSW 2001
Telephone: 02 848 2597
Email: privacyofficer@helia.com.au

QBE Lenders Mortgage Insurance Limited

Post: GPO Box 219
Parramatta NSW 2124
Telephone: 1300 650 503
Email: customercare@qbe.com
Privacy policy: qbelmi.com/pg-QBE-Privacy-Policy-Statement.seo

Outside of Australia

ME’s core bank systems and people are in Australia, but some of the third parties we share personal and credit information with, for the purposes described in this policy, might store or access the information overseas or be based in other countries.

That means it’s possible that your information might end up stored or accessed in overseas countries, including Canada, the USA, New Zealand, the Philippines, Singapore, China, Japan, Hong Kong, India, Malaysia, Papua New Guinea, South Africa, the UK, France, Ireland, Netherlands, Taiwan, Belgium, Germany, Spain, Finland, Israel, Bulgaria, Mongolia, Costa Rica and Thailand.

Of course, we only share information with third parties when we’re satisfied they have information security protection in place, whether that’s in Australia or overseas.

We also might store your personal information electronically in networked or cloud storage, which could be accessible in countries outside Australia. But as always, we take proper steps to secure and protect your personal information wherever we’re storing it.

Keeping your information safe

Whenever we store your personal information or credit information - we always take proper steps to safeguard and protect it, in accordance with Australian privacy law.

We may store your information in hard copy or electronic format. We may keep it on our premises or in storage facilities located in Australia, or that are owned and operated by our trusted service providers (including cloud providers that may be located outside of Australia).

Protecting your information is our priority. We use a combination of technical solutions, security controls and internal processes to help us protect your information and our network from unauthorised access and disclosure.

We train our staff on how to keep information safe and secure. And when we don’t need your information anymore, we’ll de identify it or dispose it securely as soon as practical. However, some personal information may be retained for varying time periods in order to comply with legal and regulatory obligations and for other legitimate business reasons.

We do our best to keep you and your information safe and secure, but you should know that there’s always a risk of that information being compromised, however small.

Always make sure to keep your personal and login details safe, and educate yourself on the best ways to safeguard your information, e.g. protecting your banking details by not sharing your passwords and PINs and keeping up to date with any security material we provide to you. We’ll not ask for your personal or identity details via an email or SMS link. If you receive this type of request, contact us immediately.

Keeping your information safe is vital – which is why we get you to verify your identity before you can
access or change the personal details we have for you.

Access, update, or correct your personal information

We do our best to keep your personal and credit information accurate and up-to-date, so it’s important you keep your contact details up to date.

Accessing your information

In most cases you can access the personal and credit information that we hold about you by calling or writing to us (see getting in touch). This includes information we have obtained from credit reporting bodies.

Before giving you access, we’ll need to confirm your identity. We’ll do our best to respond within 30 days. If it’s going to take longer, we’ll get in touch to let you know why and ask for more time.

There are some situations where we might refuse or limit your access to information, such as when the information is commercially sensitive. If that happens, we’ll write to you and let you know why and how you can make a complaint if you have concerns.

Updating your information

We do our best to keep your personal and credit information accurate, and up-to-date. It is important we have your current home and email address and phone details, so if any of your details change – let us know using internet banking or by calling us on 13 15 63.

Correcting your information

Contact us if you think there is something wrong with the information we hold about you (see getting in touch). Before we can correct your information, we will need to confirm your identity. For requests to correct credit information we might need to consult a credit reporting body or another credit provider.

If we confirm your information was incorrect, we’ll fix it and let you know in writing within 30 days of your request. If we need longer, we’ll get in touch to let you know why, and ask you for more time.

If we find that another organisation has made a mistake regarding your credit information, we can help you ask them to correct it. If we correct:

• your credit information, we’ll tell any other people or organisations we’ve previously shared the information with (e.g. a credit reporting body);
• any other personal information, we’ll tell any other people or organisations we’ve previously shared the information with only if you ask.

If it turns out we don’t agree your information is incorrect, we’ll write to you and tell you why and how can make a make a compliant if you have concerns. You also have the right to ask us to include a statement with the information saying you disagree and believe it is inaccurate, out of date or misleading.

In general, there are no fees to access or correct your information. But if you ask for access to a large amount of information, we might charge a reasonable administration fee to cover time spent locating the information and providing it to you. If that situation comes up, we’ll let you know about the fee before we get started on your request.

Resolving your privacy issues or complaints

If you have an issue or complaint about the way we’re handling your information let us know. It’s best to speak to us first and we’ll do our best to resolve it as quickly as we can. Generally we’ll try to fix the problem within 5 business days.

More complex problems may take longer to investigate and resolve, but our team will keep you updated regularly. If it takes longer than five days to resolve your issue, we will confirm the outcome with you in writing.

We will aim to resolve your complaint within 30 days (or 21 days for default notices, financial hardship or requests to postpone enforcement proceedings). In the unlikely case that we are unable to provide an outcome in this time, we will let you know in writing the reason for the delay.

If your issue or complaint is about your credit information, we may need to get in touch with other organisations such as credit reporting bodies or other credit providers. That will generally involve a longer investigation, of up to 30 days. If it looks like it’s taking us longer than that, we’ll get in touch to let you know why, and to ask you for more time.

If you’re looking to resolve an issue or complaint about your personal information or credit information with ME, here are the steps to take:

1. Get in touch with ME directly.

Call us on 13 15 63 or send us a secure email using internet banking. We’ll look into the issue and do
what we can to fix it.

2. Go to ME’s Customer Relations team.

If you’re not satisfied with how we’ve resolved things, you can contact our Customer Relations team to review your complaint. Just send a secure email using internet banking or send an email directly to customer.relations@mebank.com.au

3. Contact ME’s Privacy Officer.

If you’re still not happy with the way we handled your complaint you can contact our Privacy Officer by sending an email to privacy@mebank.com.au

4. Go to an external body.

If, after following our internal complaint process, you’re still not satisfied with how we managed
your complaint or the outcome, you can contact an external body – either the Office of the Australian
Information Commissioner or the Australian Financial Complaints Authority.

Office of the Australian Information Commissioner (OAIC)

If your complaint is about how we handle your personal information or credit information, you can contact the OAIC on 1300 363 992 or go to oaic.gov.au

Australian Financial Complaints Authority (AFCA)

If you have a complaint about the products or services we provide you or the way we handle your credit information, get in touch with AFCA on 1800 931 678 or go to afca.org.au

Online data collection

When you visit our website, online application forms, internet banking or mobile app we may use cookies to collect data about your user journey and use this information to improve our customers experience. Not only do we use this information to improve and maintain our online channels but also to improve security, tailor our marketing advertising, tracking and analysing your session data.

We may use 1st and 3rd party cookies, web beacons and click stream data in order to gather details of your preferences, behaviour and browser type. This information may be aggregated for us to learn about our customers which can help us provide a better service.

Here’s some of the general information we may collect when you visit any of our online channels or
applications:

• the website that referred you to ours
• the browser, operating system or device type you are using
• IP address or device ID
• the date/time and duration of visit
• what you view and any errors may encounter whilst on our site
• information from third party websites, applications or platforms containing interactive content or that interface with our website and applications
• how you navigate through the site and interact with pages (including fields completed in forms
• and applications completed)

We use this information to:

• carry out your instructions
• administer and enhance the performance, content and services offered on our online channels
• improve the effectiveness of our marketing activities, including remarketing our offers on third party websites
• monitor web traffic
• secure your transactions with us
• remember your preferences and other purposes

Of course, until you log in, or contact us using an online form, any browsing you do on our site is completely anonymous. You can choose to change your browser’s cookie settings via your browser privacy settings, including blocking the use of cookies. If you choose to delete or block cookies, your experience on our website may be limited.

Social media platforms

We may collect personal information about you from social media platforms if you publicly comment but we will never ask you to supply personal information publicly over Facebook, Twitter or any other social media platform we use. Sometimes we may invite you to send your details to us via private messaging for example to answer a question about your account.

Unfinished applications

If you start but don’t finish an online application, we might use the details you’ve provided so far to get in touch with you or offer help finishing the application.

Browsing security

We do everything we can to keep your information safe while you’re browsing our website, but it’s also important that you follow good online security at your end of things – like keeping your operating system, browser and anti-virus software up-to-date.

Credit information

Like all banks, we’re regulated in the way we use credit information through the government’s Privacy Act and the Privacy (Credit Reporting) Code.

When you apply for or have a credit product with ME, or when you put yourself forward as a guarantor, we’ll collect and store credit information, and that information could be shared or used in the future.

What types of credit information do we collect and hold?

If you apply for credit or give a guarantee, the types of credit information we collect and hold includes information about your credit worthiness, includes:

• your name, date of birth and gender
• your address (including prior addresses)
• the kinds of credit products you have or have applied for
• information on credit previously given to you by us or other credit providers, including financial
• institutions, energy or telecommunications companies
• how much you’ve borrowed and how you’ve managed your credit obligations (which could include details of defaults and repayment history)
• information in a credit report from a credit reporting body (such as a credit score)
• whether you have committed fraud or a serious credit infringement
• details of credit-related court proceedings or insolvency
• information about your credit worthiness that has been derived from the above for our own credit ratings, assessments and ongoing reviews

How we use your credit information

In addition to using personal information as mentioned above, your credit information could be used for a few different things, including:

•  assessing your credit application or to accept you as a guarantor
• our internal operations, including risk management, securitisation, credit scoring and portfolio analysis
• determine whether you need assistance to meet your repayment obligations to help prevent defaults
• assist with financial hardship applications
• collecting overdue payments
• in circumstances where we reasonably believe that you have committed a serious
• credit infringement

Sharing your credit information

In addition to sharing your personal information as mentioned above, as permitted by law or industry requirements, your credit information may be shared with organisations including the following:

• credit reporting bodies (prior, during or after a loan product is provided to you)
• members of the BOQ group
• other credit providers
• any person who has or will act as a guarantor
• debt collection agencies
• any person or body in connection with new or proposed mortgage loan securitisation
• arrangements
• any person to whom we are considering selling part of our banking business
• the mortgage insurer
• an enforcement body
• government agencies or dispute resolution schemes

What’s a credit reporting body?

Credit reporting bodies are companies that hold credit information about individuals. They supply this information to credit providers in certain circumstances such as when an individual applies for credit or if they are seeking to help an individual avoid defaulting on credit given.

Dealing with credit reporting bodies

Credit reporting bodies are permitted by law to a handle personal information related to credit.

Our dealings with the credit reporting bodies are reciprocal. When you apply for credit with us, or act as guarantor for someone else, we may share your personal information in order to collect credit information about you from credit reports provided by credit reporting bodies.

ME participates in the credit reporting system and shares credit information about your credit accounts with credit reporting bodies on an ongoing basis, including missed repayments, defaults or serious infringements e.g. fraudulent behaviour or deliberately seeking to avoid repayments.

But we also let them know when you make your payments on time or correct a default.

The credit reporting bodies may include this information in reports shared with other credit providers to assist them assess your credit worthiness when you apply for credit.

Our credit reporting bodies

We use the three main credit reporting bodies in Australia: Equifax, Experian and illion. If you’re interested in their privacy policies, here’s where you can get them:

• Equifax Australia Information Services and Solutions Pty Limited
• Experian Australia Credit Services Pty Ltd
• illion (Australia) Pty Ltd

Accessing or correcting your credit information

To see or correct your credit information go to the access, update or correct your information section.

Resolving credit issues or complaints

If you’re concerned about how your credit information has been handled, or if you have a complaint, check out the resolving your privacy issues or complaints section.

Opting out of pre-screening assessment

All credit providers can ask credit reporting bodies to use the information they hold about you for pre-screening assessments. If you don’t want credit reporting bodies to use your information this way, you can ask them not to by getting in touch with them directly.

Taking action as a victim of fraud

If you’ve been a victim of fraud (including identity fraud), or think you might be targeted, you can ask the credit reporting bodies not to use or share the information they hold about you by getting in touch with them directly. On your request, a credit reporting body will not share information about you for 21 days, and you can request an extension period.

Getting in touch

If you have privacy questions or concerns, or if you want a printed version of this policy, get in touch:

Telephone: 13 15 63
Email: privacy@mebank.com.au
Post: The Privacy Officer – ME
GPO Box 1345
Melbourne VIC 3001

Notifying you

When you give us personal information we’ll let you know why we’re collecting it, and how we might use or share it. We’ll also tell you how you can access your information or correct it, and how you can make a complaint. We may provide more specific details about how we handle your information when you complete an application or web form in a Privacy Notice or the terms and conditions, so always read these documents carefully.

Changes to this policy

This policy is relevant for current and former customers and is effective as of 23 February 2022. From time to time it may be necessary to update this policy, and any amendments will apply to all the information we hold at the time of the update. We will post the updated policy on our website and we encourage you to check this page from time to time.

Download a copy of our Privacy Policy