Introduction

This Privacy Policy applies to MyState Limited as the ASX listed, Non-Operating Holding Company of MyState Bank Limited and TPT Wealth and any entity owned or controlled by us. The use of we/us/our within this Policy refers to any of these entities.

In respect of collecting and using information we are bound by, the Privacy Act 1988 (Cth) (including the Australian Privacy Principles, Credit Reporting and mandatory data breach notification), the Privacy (Credit Reporting) Code and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

This Privacy Policy outlines how we deal with your information, including the purpose for which we collect, store, use and disclose your information, as well as our legal obligations and rights to that information.

If we agree with you to use or disclose any of your information in ways which are different to what is stated within this Privacy Policy, that agreement will override this policy.

 

The types of information we collect

We only ask for personal information relevant to our business relationship with you as a customer. This information includes:

Personal information

Personal information is information or an opinion about an individual who is identified, or who can reasonably be identified, from the information. When you apply for one of our products or services, we may request:

» Information which identifies you, like your name, address and other contact details and your date of birth;

» Information about your financial position, like your income, expenses, savings and assets and any (other) credit arrangements;

» Your employment details;

» Your tax file number; and

» Your reasons for applying for a product or service.

» Biometric information as part of our ID processes.

Credit information

Information collected for credit purposes includes some elements of personal information but also includes the following:

» The kinds of credit products you have or have applied for;

» How you’ve managed your credit obligations, such as your repayment history;

» Information about you from a credit reporting body;

» Any information about overdue credit payments, including any defaults or serious credit infringements by you;

» Information about court judgments which relate to credit that an individual has obtained or applied for;

» Information about you on the National Personal Insolvency Index; and

» An opinion of a credit provider that you have seriously failed to meet the requirements of any credit you have borrowed from that credit provider.

Sensitive information

Where it is necessary to do so, we may collect personal information about you that is sensitive. Sensitive information includes information about an individual’s health, and membership of a professional or trade association.

Unless we are required or permitted by law to collect sensitive information, we will first obtain your consent.

 

How we collect information

We need to collect information from you in order to provide one of our products or services to you, details of how we do this is contained within this section.

Information collected directly from you

Wherever possible, we will collect all information directly from you which will generally come from what you provide in your application for one of our products or services.

Where we communicate with you over the phone we may record those phone calls for training, quality assurance purposes or to maintain a record of your instructions to us. We will inform you if you are being recorded, and you have the right to request that we do not record you. Please note if you request that we do not record you, we may not be able to discuss any of your personal information over the phone.

Where you supply us with personal information about another person (for example a referee or a person you wish to send a payment to), we will take this as confirmation that you have permission to do so. It is your responsibility to inform that person who we are, and that we will use and disclose their personal information for the purposes set out in this Privacy Policy and that they can gain access to that information.

Information collected from third-parties

We may also collect personal information about you from third parties, such as any referees that you provide, your employer, a referrer who may have referred you to us for a product or service, a mortgage broker, other credit providers, data aggregation services, such as Illion Australia Pty Ltd; Government regulators or authorities and third party service providers including credit reporting bodies.

Credit reporting bodies collect credit information about individuals and companies, which they provide as credit reports to credit providers (like us) and others in the credit industry to assist them in managing credit risk, collecting debts and other related activities.

You can also ask a credit reporting body, through contact details on their website, not to use or disclose your personal information if you believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud.

Information collected through our websites and Internet Mobile Banking

When you visit our websites or use our mobile app, we will sometimes collect information about your visit to help us to improve the experience you have.

This information also helps us improve and maintain the security measures we have in place to identify suspicious account activity and help prevent fraud and scams.

The type of information we may collect includes:

» The time and date of the visit;

» Any information or documentation that you download;

» Your browser type;

» What sections of our websites you view and any errors you experience;

» location information (if enabled on your device)

» IP address

» information about the electronic devices (computers, mobile phones or tablets) you use to access our platforms and how you use them

» details of the wi-fi network or mobile network used by your device

» type of authentication used (for example touch ID or face ID)

When you visit our website and log-in to our secure internet banking, we use “cookies” for security and personalisation purposes. When you visit the unsecured pages of our websites (i.e. public pages that you can access without providing login details) we use cookies to obtain information about how our website are being used so we can provide a better experience to our customers.

 A “cookie” is a small text file which is placed on your Internet browser and which we can access each time you visit our website.

Our website also includes a number of calculators, which may require you to enter your personal details. If you save the data you enter on the calculator, this information will be stored.

Please note that unless you log-on to our secure internet banking platform, or contact us using an online form, your visit and any browsing you do on our website will be completely anonymous.

Sometimes we may use an external service to collect the above information and provide us with reports that help us to understand our website’s traffic and webpage usage. This includes, but not limited to

» Google;

» Optimizely;

» Facebook; and

» Other social networking or online data analytical tools

Information on these external services privacy policies and terms & conditions are available on their independent websites.

What happens if you do not provide your information

In the instance that you do not provide us with the information required, we may be unable to provide you with our products or services

 

Use of information

We may use your personal information for the purpose of providing products and services to you and managing our business.

This may include:

» Assessing and processing your application for the products and services we offer;

» Executing your instructions;

» Charging and billing;

» Uses required or authorised by law;

» Analytics of your behaviour to provide suitable products and services;

» Research and development;

» Collecting overdue payments due under our credit products;

» Managing our rights and obligations regarding external payment systems; or

» Direct marketing.

In general, we do not use or disclose your information for a purpose other than:

» As outlined in this Privacy Policy;

» You would reasonably expect;

» Required or permitted by law; or

» Otherwise disclosed to you to which you have consented.

Marketing

We may use your information to provide you with information about products and services, including those of third parties, other MyState Limited companies which we consider might be of interest to you.

In doing so we may also provide your details to other organisations for specific purposes such as direct marketing, pre-screening for direct marketing and to better understand our customer groups and profiles.

You may opt out at any time if you no longer wish to receive marketing information or do not wish to receive marketing information through a particular channel, like email. You can make this request by contacting or by ‘unsubscribing’ from our email marketing messages, which always include an unsubscribe option. We will complete your opt-out request as soon as possible but no later than 30 days

Direct marketing

We may use your information for direct marketing including for lending purposes.

To do this we may ask a credit reporting body to “pre-screen” a list of potential recipients of our direct marketing against our eligibility criteria, to remove recipients that do not meet those criteria.

The credit reporting body cannot use information about your existing loans or repayment history in carrying out its pre- screening and it must destroy its pre- screening assessment once it has given us, or a contractor acting on our behalf, the list of eligible recipients.

If you do not want your credit information used for pre- screening by a credit reporting body, you can opt-out by informing that credit reporting body.

 

Who we disclose your information to

We may disclose your personal information to other organisations, for example:

» Other entities of the MyState group;

» External service providers and any organisations that are our assignees, agents or contractors providing us services including but not limited to verification of identity, payment system operators, mailing houses and research consultants;

» Insurance providers, where insurance is provided in connection with our services to you;

» Superannuation funds, where superannuation services are provided to you

» Other financial institutions, for example, when you apply for a loan from another credit provider and you agree to us providing information;

» Credit reporting bodies, information including but not limited to repayment history, default history, credit infringement and non-disclosure;

» Providers of professional services such as Loan Mortgage Insurers, collections agencies, lawyers, debt collectors, accountants, etc.;

» Deposit Brokers who assist us in providing deposit products, such as, but not limited to Income Asset Management Group and Australian Money Market

» State, territory or regulatory authorities as needed;

» Organisations involved in our funding arrangements including loan purchasers, investors, advisors, researchers, trustees, rating agencies and financial intermediaries;

» Your representative, for example, a lawyer, mortgage broker, financial advisor or attorney, as authorised by you;

» The issuer of any documents which you provide us with for the purposes of verifying those documents e.g. to verify a drivers licence with the Australian State or Territory who issued it.

We will choose partners who have privacy practices that align to our privacy policy in respect to your information that we share with them.

In some cases we partner with third parties to provide services and products. This partnership may require that we share your information. Some of these third parties include but are not limited to:

» Cuscal;

» Facebook;

» Twitter;

» Instagram;

» Equifax;

» Google;

» Insurance Australia Limited (IAL) trading as CGU;

» MSA National;

» MUFG Pension & Market Services (formerly Link group)

We will not directly disclose your personal information overseas, including your credit information. Where we are required to provide your information to other organisations in the provision of services, including but not limited to insurers, lenders’ mortgage insurers or other entities necessary in the provision of our products or services, your personal information may be disclosed by these organisations overseas, including your credit information.

Where this occurs, we will take reasonable measures to make sure that your privacy is protected in accordance with this Privacy Policy. Upon your request, we will provide you with information on their Privacy Policy.

Where information is sent to third parties some may use services and facilities overseas including, but not limited to:

» United States;

» United Kingdom;

» Canada;

» India

» Philippines; and

» New Zealand.

» Netherlands

Information on these external services privacy policies and terms & conditions are available on their independent websites. Upon your request, we will provide you with information on their Privacy Policy.

 

Security

We take all reasonable steps to safeguard your information, held on our websites or otherwise, is protected from:

» Misuse, interference and loss; and

» Unauthorised access, disclosure or modification.

Depending on the type of information, we will sometimes send information to third-party storage providers to hold and keep secure.

Where we send your information to a third party, we will take all reasonable measures to make sure your information is protected.

Physical information security

Some of the things we do to protect the physical information we hold about you include:

» Endeavouring to keep all data held within Australia;

» Performing customer identification checks before providing any information;

» Limiting access to staff and / or service providers who have been authorised to access the information for a purpose listed within this Privacy Policy; and

» Providing training to relevant staff on how to manage customer records and information in accordance with this Policy

Digital information security

Some of the things we may do to protect the digital information we hold about you include:

» Using up-to-date security measures on our websites to protect your personal information and your credit information;

» Encrypting any data containing personal, credit or related information which we transmit via the internet;

» Performing regular security testing and auditing of our systems used to store your personal information; and

» Limiting access to staff and / or service providers who have been authorised to access the information for a purpose listed within this Privacy Policy.

We ask you to keep your passwords and personal identification numbers safe, do not write them down, allow anyone to see you enter your details and do not tell anyone what they are.

Information we did not ask for or no longer need

Where we are given information that we did not ask for, we will only continue to hold the information if we need it. If we decide we do need this information, we will keep it securely along with the rest of your information. If we do not need this information, we will take reasonable steps to destroy or de-identify it.

When we no longer require your information (including when we are no longer required by law to keep records relating to you), we will take reasonable steps to destroy or de-identify it.

In the event of a data breach

We are bound by the Privacy Act 1988 and are committed to complying with the Notifiable Data Breaches Scheme (NDB) established by the Privacy Amendment (Notifiable Data Breaches) Act 2017.

The NDB requires that where a data breach is likely to result in serious harm to any individuals to whom the information relates, we are required to notify those individuals and the Office of the Australian Information Commissioner (OAIC). The NDB will provide greater protection to the personal information of consumers, greater transparency in the way organisations like us respond to data breaches and give individuals the opportunity to minimise the damage caused by any unauthorised use of their personal information.

 

Access

You have the right to request access to the information that we hold about you at any time. You also have the right to request information that we hold about you be corrected at any time. Requests to access your information can be made by contacting us.

We will respond to your request for access within a reasonable time. If we refuse to give you access to any of your information, we will provide you with reasons for the refusal and the relevant provisions of the Privacy Act that we rely on to refuse access.

You can contact us if you would like to challenge our decision to refuse access.

There is no charge for making a request to access your information. However, in some cases, there may be a charge to cover the time we spend locating, compiling and explaining the information you ask for. If there is a charge, we will give you an estimate upfront, and confirm that you wish to proceed.

 

How we update this Privacy Policy

From time to time we will update this Privacy Policy. Our current Privacy Policy is always available on our website.

Phone: 138 001

Website: mystate.com.au

Or visiting your local branch.

 

Our contact details

We take reasonable steps to make sure that the information that we collect, use or disclose is accurate, complete and up-to-date. However if you believe your information is incorrect, incomplete or not current, you have the right to request that we update or correct this information or if you have any questions or concerns about our Privacy Policy or our handling of your personal details please contact us.

Privacy Officer

Phone: 138 001

Email: myadvice@mystate.com.au

Post: GPO Box 1274, Hobart TAS 7001

 

Complaints and feedback

We take your feedback seriously and aim to provide simple, easy to use and trustworthy services to our customers. We see your complaint or feedback as an opportunity to improve the way we do things.

How can I lodge a complaint?

You can advise us of your complaint or provide feedback by:

» Using the online form at mystate.com.au;

» emailing us at

mycomplaint@mystate.com.au;

» calling us – 138 001 (between 8:00am and 6:00pm Monday to Friday and 9:00am to 1:00pm on Saturdays, except on public holidays);

» visiting your local branch; or

» writing to us at Complaints & Feedback, GPO Box 1274, Hobart Tasmania 7001.

What should my complaint include?

So that we can resolve your complaint as quickly as possible, it is important that you provide us with as much information as possible. This includes details such as:

» your customer number, name and details of preferred contact method;

» complaint or feedback information

– what is your complaint or feedback about and when did it happen; and

» resolution – how would you like the matter resolved.

What are the options available if I need more help?

Our team can assist you with Translator Interpreter Services (TIS) if you speak limited English, or to use the National Relay Service if you have difficulties with hearing.

You may wish to contact a financial counsellor for free, independent advice about your situation. The National Debt Helpline website (ndh.org.au) has easy to use, step-by-step guides on how to tackle debts. You can also call the National Debt Helpline on 1800 007 007 to talk to a financial counsellor.

What are the response timeframes?

We will try our best to resolve the complaint for you straight away, and in most cases we can.

If we can’t we will:

» acknowledge that we’ve received your complaint within 24 hours or one business day;

» keep you up to date on our investigation and progress;

» provide you with final resolution within 30 days – if not, we will inform you of the reasons for delay and when we expect to resolve;

» if your complaint relates to credit involving default notices or financial hardship, we will provide you with a final resolution within 21 days.

What if my complaint isn’t resolved to my satisfaction?

If you’re not satisfied with the outcome provided to you, the first step is to request the complaint be escalated to a manager of the department you’ve been speaking with.

In the event you are not satisfied with the Manager’s response, you have a few more options as outlined below.

Senior Manager Review

You can request for your complaint to be escalated to a Senior Manager who will review your complaint outcome.

Senior Manager Review

Phone: 138 001

Email: mycomplaint@mystate.com.au, addressed to the Senior Manager

Post: Senior Manager Complaint Review, GPO Box 1274, Hobart TAS 7001

Customer Advocate

You can request for your complaint to be escalated to our Customer Advocate.

The Customer Advocate while not independent, is impartial and focuses on achieving a fair outcome for our customers. Our Customer Advocate will review your complaint outcome to make sure that your complaint was handled fairly.

Customer Advocate Review

Phone: 138 001

Email: customeradvocate@mystate.com.au

Post: Customer Advocate, GPO Box 1274, Hobart TAS 7001

Please allow us the opportunity to resolve your complaint through our internal complaint management process, as detailed above, prior to escalating through any other channels.

External Review

MyState Bank is a member of the Australian Financial Complaints Authority (AFCA).

AFCA is an external dispute resolution body that deal with complaints regarding the financial services industry. It is a good practice to go via the internal complaint resolution processes, prior to escalating a complaint with AFCA.

Australian Financial Complaints Authority

Online: www.afca.org.au

Phone: 1800 931 678

Email: info@afca.org.au

Post: Australian Financial Complaints Authority GPO Box 3 Melbourne VIC 3001

Privacy or Consumer Data Right Complaints

If your complaint is about how we handle your personal information, you can also contact the Office of the Australian Information Commissioner.

Office of the Australian Information Commissioner (OAIC)

Online: www.oaic.gov.au

Phone: 1300 363 992

Mail: OAIC - CDR Complaints

         GPO Box 5218, Sydney NSW 2001