The privacy and security of your personal information is important to us. Earning and maintaining your trust by carefully and respectfully managing your personal information is fundamental to the way we do business.
We are committed to protecting your privacy.
BT Financial Group is bound by the Privacy Act 1988 (Cth) (‘Privacy Act’) and must protect your personal information according to that Act and other applicable laws, such as the Spam Act 2007 (Cth) (‘Privacy Laws’).
In this policy, “we”, “us” and “our” means BT Financial Group – Advance Asset Management Limited, Asgard Capital Management Limited, BT Funds Management Limited, BT Funds Management No.2 Limited, BT (Queensland) Pty Limited, BT Portfolio Services Limited, BT Private Nominees Pty Limited, BT Securities Limited, Licensee Select – A Division of Asgard Capital, Magnitude Group Pty Ltd, Securitor Financial Group Ltd, Westpac Financial Services Limited, Westpac Life Insurance Services Limited, Westpac Securities Limited, Westpac Securities Administration Limited.
Westpac Group means Westpac Banking Corporation and its related bodies corporate in Australia and overseas.
From 25 May 2018, the General Data Protection Regulation (GDPR) regulates the processing of personal information under European Union (EU) law. The GDPR aims to protect the information relating to individuals in the EU and harmonise data protection laws across EU Member States.
Our collection, use, disclosure and processing of your personal information is regulated by the GDPR if:
Please refer to the EU Data Protection Policy on the Westpac group’s website for information about how we manage your personal information under the GDPR.
This policy explains how we can collect, use, hold and disclose your personal information, as well as ensuring the quality, integrity and security of your personal information under applicable Privacy Laws.
Personal information includes any information or opinion, about an identified individual or an individual who can be reasonably identified from that information. The information or opinion will still be personal information whether it is true or not and regardless of whether we have kept a record of it.
Some examples of personal information may include your:
The personal information that we collect about you will depend on the products or services that you apply for, or enquire about. If you do not allow us to collect all of the personal information we reasonably request, we may not be able to deliver those products or services to you.
Throughout the life of your product or service, we may also collect and hold additional personal information about you. This could include transaction information or making a record of queries or complaints you make and, if you make an insurance claim, collecting additional information to assess the claim.
Our collection of ‘sensitive information’, a special type of personal information under Privacy Laws, is further restricted to circumstances where we have obtained your express consent and to certain other permitted situations.
Generally, we only collect this sort of information if it is reasonably necessary to provide you with a specific product or service and you expressly consent to our collection. For example, we may collect health information about you to process a claim under an insurance policy or to assess certain claims, including hardship, or we may collect voice biometric information to verify your identity or authorise transactions.
We collect most personal information directly from you whether in person, on the phone or electronically, for example when you interact with a Westpac Group company to:
From time to time we collect personal information about you from third parties or organisations. This may arise in circumstances where you have given your consent to do so or where we notify you in our Privacy Notices or Collection Statements, such as when you apply for credit, an insurance product or make an insurance claim. For example, we may collect personal information about you from:
We may collect information from you electronically, for instance through internet browsing on our websites, online banking services, mobile or tablet applications.
Each time you visit our websites, we may collect information about you which may include personal information (such personal information will be de-identified) and may include the following:
We collect information using cookies when you use our websites, online banking services, mobile or tablet applications. Cookies are small pieces of information stored on your hard drive or in memory. One of the reasons for using cookies is to offer you increased security. They can also record information about your visit to our websites, allowing us to remember you the next time you visit and provide a more meaningful experience.
We may also collect information from third party websites, applications or platforms containing our interactive content or that interface with our own websites and applications.
We may collect personal information about you from social media platforms if you publicly comment but we will never ask you to supply personal information publicly over Facebook, Twitter or any other social media platform that we use. Sometimes we may invite you to send your details to us via private messaging, for example, to answer a question about your account. You may also be invited to share your personal information through secure channels to participate in other activities, such as on-line competitions.
The main reason we collect, use, hold and disclose personal information is to provide you with products and services (including where applicable, third party products and services) and to help us run our business. This includes:
We may use or disclose your information to comply with our legislative or regulatory requirements in any jurisdiction and to prevent fraud, criminal or other activity that may cause you, us or others harm including in relation to products or services.
We are required or authorised to collect:
Much of the information we hold about you will be stored electronically. We store some of your information in secure data centres that are located in Australia. We also store information in other Westpac Group secure data centres or the data centres of our contracted service providers (including cloud storage providers), and some of these data centres may be located outside Australia. Some information we hold about you will be stored in paper files.
We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold both in Australia and overseas. For example:
Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure for example, if you feel that the security of any account you have with us has been compromised, please immediately contact us (see Contact Us below).
We may share your personal information with companies within the Westpac Group.
We may also provide personal information about individuals to organisations outside the Westpac Group who help deliver or support the provision of products and services to you. To protect personal information, we enter into contracts with our service providers and other third parties that require them to comply with applicable Privacy Laws and certain Westpac policies and standards relating to data protection and information security. These contracts, amongst other things, require our service providers to only use the personal information we disclose to them for the specific role we ask them to perform.
Generally, we use contracted service providers to help us in our business activities. For example, they may help us provide you with products and services, deliver technology or other support for our business systems, refer us to new customers, or assist us with marketing and data analysis. These organisations may include:
We may also disclose your personal information to others outside the Westpac Group where:
We may disclose your personal information to a recipient located outside Australia. This may include the following:
When we do disclose and/ or store personal information overseas, we protect that information using the security measures set out above and require overseas recipients to do the same (see How do we hold personal information).
As a trusted service provider we ensure that our data protection and information security controls applying to your personal information in Australia continue to apply in the hand of our affiliates or contracted service providers located overseas.
We may use your personal information to directly offer you products and services we believe may be of interest and value to you but we will not do so if you tell us not to. These products and services may be offered by a member of the Westpac Group or one of its preferred suppliers. We may offer you products and services by various means, including by mail, telephone, email, SMS or other electronic means, such as through social media or targeted advertising through Westpac Group or non-Westpac Group websites or through our online banking service.
When we market products and services to you, we will comply with applicable Privacy Laws to obtain your consent if required.
We may also disclose your personal information to companies outside the Westpac Group who assist us to market products and services to you (see Who do we disclose your information to, and why?). If you do not want to receive direct marketing offers from us or our affiliates or service providers, please contact us using the contact details or opt-out facility provided to you.
You can request access to the personal information we hold about you. You can also ask for corrections to be made. To do so, please contact us.
There is no fee for requesting that your personal information is corrected or for us to make corrections. In some limited circumstances, there may be a reasonable charge for giving you access to your personal information. This charge covers such things as locating the information and supplying it to you.
Under Privacy Laws your right to receive access to your personal information, or make corrections to it, is not absolute and exceptions exist. For example, we are not required to give you access to your personal information where giving you access would pose a serious threat to any person’s life, health or safety, or to public health or safety, where giving access would be unlawful, where giving access would have an unreasonable impact on other people’s privacy or where we reasonably conclude your request is frivolous or vexatious.
If we refuse to give you access to or to correct your personal information, we will give you a notice explaining our reasons except where it would be unreasonable to do so. If we refuse your request to correct your personal information, you also have the right to request that a statement be associated with your personal information noting that you disagree with its accuracy.
If we refuse your request to access or correct your personal information, we will also provide you with information on how you can complain about the refusal.
From February 2018, the Privacy Act includes a new Notifiable Data Breaches (NDB) scheme which requires us to notify you and the Office of the Australian Information Commissioner (OAIC) of certain data breaches and recommend steps you can take to limit the impacts of a breach (for example, a password change).
The NDB scheme requires us to notify about a data breach that is likely to result in serious harm to affected individuals. There are exceptions where notification is not required. For example, where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals.
If we believe there has been a data breach that impacts your personal information and creates a likely risk of serious harm, we will notify you and the OAIC as soon as practicable and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy.
If you believe that any personal information we hold about you has been impacted by a data breach, you can Contact us using the contact details below.
If you have a question or complaint about how your personal information is being handled by us, our affiliates or contracted service providers, please contact us first by using the contact details provided below.
We will acknowledge your complaint as soon as we can after receipt of your complaint. We will let you know if we need any further information from you to resolve your complaint.
We aim to resolve complaints as quickly as possible. We strive to resolve complaints within five (5) business days but some complaints may take longer to resolve. If your complaint is taking longer, we will let you know what is happening and a date by which you can reasonably expect a response.
If you are unhappy with our response, you can contact our Westpac Group Customer Advocate who can conduct an independent review of your matter. Our Customer Advocate can be contacted at firstname.lastname@example.org.
Raising your issue with our Customer Advocate does not preclude you from raising your issue at any time with external disputes schemes or relevant regulators whose details are set out below.
Under the Privacy Act you may complain to the Office of the Australian Information Commissioner (OAIC) about the way we handle your personal information. Please note the OAIC requires any complaint must first be made to the respondent organisation. The law also allows 30 days for the respondent organisation to deal with the complaint before a person may make a complaint to the OAIC.
The Commissioner can be contacted at:
Office of Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
The Australian Financial Complaints Authority (AFCA) can consider certain privacy complaints relating to either the provision of credit or credit reporting information in general. The contact details for AFCA are:
Australian Financial Complaints Authority
Phone: 1800 931 678 (freecall)
Mail: Australian Financial Complaints Authority GPO Box 3 Melbourne VIC 3001
You can contact us by:
Summary of Important Recent Changes
For our customers located in the European Union
Inclusion of information on the General Data Protection Regulation (GDPR)
Personal information about third parties
Inclusion of how we manage personal information that we do not request directly or indirectly
For what purposes do we collect, hold, use and disclose personal information?
Inclusion of further purposes for which we collect, hold, use and disclose information and how we may de-identify personal information which we have collected
How do we hold and protect your personal information?
Inclusion of how we hold and protect personal information
Who do we disclose your personal information to, and why?
Inclusion of other parties with whom we disclose personal information to, and why
Do we disclose personal information overseas?
Update to recipients located outside Australia that we may disclose personal information to
Notifiable Data Breaches
Inclusion of new Notifiable Data Breaches (NDB) scheme
Resolving your privacy concerns and complaints – your rights
Update of information with respect to resolving your privacy concerns and complaints