Australian Unity has been around for more than 180 years and our focus is still the same: to serve and enhance the wellbeing of our members, customers and communities. We want to help people thrive by helping you to create a bright future with our health, wealth and care services.
We understand that your privacy is important to you. At Australian Unity we have a long history of handling the personal information (including sensitive information and credit-related information) of our customers, with integrity and confidentiality.
Australian Unity cares about protecting the privacy and security of your personal information and we value your ongoing trust in us to protect this information.
We will protect the personal information of our members and customers under the Privacy Act 1988 (Cth) (Privacy Act), Privacy (Credit Reporting) Code 2014, Customer Data Right (CDR) Data under the Privacy Safeguards of the Customer Data Right and other applicable laws in relation to the handling of personal information (Privacy Laws).
Which entities does this Policy cover?
Australian Unity Limited and its subsidiaries are subject to the same standards in relation to the handling of personal information, regardless of which services they provide. Australian Unity Limited businesses include our dental centres, wealth, financial planning, bank, general insurance, private health insurance, trustee services and independent and assisted living businesses and its subsidiaries include but are not limited to:
- Australian Unity Health Limited
- Australian Unity Bank Limited
- Lifeplan Australia Friendly Society Limited
- Australian Unity Retirement Living Services Limited
- Australian Unity Care Services Pty Ltd
- Australian Unity Home Care Service Pty Ltd
- Remedy Healthcare Group Pty Ltd
- Australian Unity Health Care Pty Limited
The credit reporting provisions in this Policy apply specifically to Australian Unity Bank Limited because it provides consumer credit products and services to its retail banking customers and handles credit-related information.
About this Policy and your privacy
This Policy sets out how Australian Unity handles your personal information. It explains how we can collect, use, hold and disclose this information.
It also contains information about how you can access the information we hold about you, how you can ask us to correct your information, or make a complaint about how we have managed your information.
We will also provide you with more information about how we handle your information when you fill out an application or make a claim or receive the terms and conditions, so you should read these documents thoroughly.
Some helpful definitions
Throughout this Policy, we use terms that have a specific meaning under the Privacy Laws.
- “Personal Information” includes any information or opinion that can identify somebody, such as your name, address, date of birth, telephone numbers, or driver’s license number.
- “Sensitive information” is personal information that is given a higher level of protection under the Privacy Act. It includes information about a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliation, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record, health information and genetic information.
- “Credit-related information” is a type of personal information that includes credit information and credit eligibility information. Please refer to the end of this Policy for the definitions of “credit information” and “credit eligibility information”.
- “CDR Data” means data that has been defined by the Customer Data Right rules under one of the following groups of data: product data (to which Privacy safeguards do not apply), customer data, account data and transaction data.
What personal information do we collect?
Personal information we collect
The personal information we will collect about you will depend on the type of product or service you receive or request from us. We may also collect personal information from you or third parties to manage your accounts and services and to better understand you, your preferences and interests.
Some of the information may include:
- identifying and contact information such as name, date of birth, address, telephone number, email address and social media platform user name
- demographic information such as age and gender
- financial information such as banking, payment and contribution details
- government issued identifiers such as Tax File Number, Medicare and Driver’s License numbers
- transaction information such as records of service contacts, reasons for applying for a product or service, photographs, video and audio recordings of contacts
- registration to programs offered by Australian Unity or our partners
- activity or preference information collected by our partners such as property sales or buying habits
- website usage, and
- other personal information needed or required by law, such as the Anti-Money Laundering and Counter Terrorist Financing Act 2006 (Cth) or tax treaties.
Sensitive information we collect
- We will not collect sensitive information about you unless: we need the information to provide you with the products or services you have requested, or for one of our functions or activities, and have your consent;
For example: we may collect health information (including clinical) to provide you with healthcare, aged care or disability services or to process an insurance claim; or, if you want to vary your repayments for a credit product because you are experiencing financial difficulties (financial hardship), information about your personal circumstances.
- we are legally required or allowed to collect this information.
Credit-related information we collect
If you apply for credit, or give a guarantee, or have a credit product with Australian Unity Bank Limited, we collect credit-related information relevant to your application. We also collect credit-information for ongoing management of your account.
Some of the information we collect is:
- the type of credit product you want, and how much you want to borrow
- financial information, such as: employment, income, expenses, savings and transaction account history
- information from a credit report from a credit reporting body
- how you have managed the repayment obligations on other credit products with us, and other financial institutions, and
- details about any bankruptcies, insolvencies, or other credit-related court proceedings.
How do we collect your personal information?
In most cases, we collect personal information directly from you when you apply for a product or service, use our websites, mobile or tablet applications or social media, talk to us, provide us with feedback, make a complaint, visit one of our offices or branches or register for an Australian Unity program.
Sometimes we may collect information about you from other sources including:
- a person you have authorised to act on your behalf such as an agent or a family member
- a third party such as your treating hospital, dentist or other health service provider or private health insurance fund
- a person covered under your private health insurance cover
- a person such as a spouse, parent or dependent seeking financial planning services
- a nominated beneficiary, a plan guardian or a nominated student of an investment bond
- a Data Holder under CDR rules from which you specifically consented for us to collect CDR data, such as a Bank or any other CDR participant of the CDR – Open Banking regime.
- credit reporting bodies if we request a report about your credit history and other credit providers
- organisations that we have an arrangement with to offer or promote products or services to you
- marketing companies if we acquire contact information to tell people about our products and services that may be of interest to them
- brokers, aggregators or parties who may introduce you to us such as a recruitment firm or referral partner
- referees that you provide us as a prospective employee
- publicly available records including phone directories, websites or the electoral roll
- third parties who make information available to better understand you, your preferences and interests, and
- other related entities so we can better manage our relationship with you.
Where you have given us personal information about another person, for example a person you have authorised to act on your behalf, we expect you to tell those people that you have given us their information, and to tell them about this Policy.
Credit-related information we collect from others
If you apply for credit or give a guarantee or have a credit product with Australian Unity Bank Limited, we collect personal information and credit-related information about you from third parties, such as:
- any referees that you provide
- your employer
- credit providers, and
- third party service providers including credit reporting bodies.
Have you been a victim of fraud?
Credit reporting bodies collect credit information about individuals which they provide as credit reports to credit providers (for example, Australian Unity Bank Limited), and others in the credit industry to assist them in managing credit risk, collecting debts and other activities.
You can also ask a credit reporting body, through contact details on their website, not to use or disclose your personal information if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud, including identity fraud.
When we get information we didn’t ask for?
Where you provide us with unsolicited personal information that we do not need to deliver products and services to you (for example, in correspondence that you may send to us), we will, where reasonable to do so, destroy or de-identify this information. Where we retain this information, it will be subject to this Policy.
Do we collect information electronically?
Whenever anyone visits our website, online member services, mobile or tablet applications, we collect data about their visit using ‘cookies’ to obtain information about how our website is being used. Until you log into our website, any browsing you do on our website is anonymous.
We collect information about what our customers’ preferences and behaviours are. This is used to help us administer and enhance:
- the performance of our system
- the content of the website, and
- the products and services we offer to you.
When you log on to our one of our online services we will ask for information to identify you. We will also use the 'cookies' for security purposes. Our website also includes a number of calculators, which may require you to enter your personal details.
You may change the settings on your browser to reject cookies, however doing so might prevent you from accessing the secured pages of our website.
Our websites contain links to other sites, which are not subject to our privacy policies and procedures. You will need to review those websites directly to ascertain their particular privacy policies and practices.
What if you don’t want to provide your personal information?
You may choose not to disclose your personal information to us, but it may limit our ability to deal with you, manage emergencies effectively, provide you with products and services or let you know about other products and services that might better suit your needs.
How do we use personal information?
We use your personal information to provide you with products and services (including third party products and services) you’ve applied for, to manage your account, and improve the service you receive. We also use this information to comply with our legal obligations.
Uses may include to:
- identify you
- assess your eligibility for a product or service
- assess your eligibility for membership of Australian Unity Limited and, if eligible, place your name, address and other required personal information on Australian Unity Limited's member register
- provide and manage a product or service, including assisting you to complete online applications that are not completed, answering your enquiries, and complaints
- protect your accounts by identifying and investigating suspected fraud, other criminal activity or misconduct
- managing our rights and obligations regarding external payment systems
- help us develop insights and conduct data analysis to improve the delivery of products and services, and enhance our customer relationships and to effectively manage risks
- understand your interests and preferences so we can tailor our products, services and marketing, including digital content and tell you about other products and services that may be of interest to you
- where you opt in, to help us to develop health programs to treat a specific illness or condition or to offer services (for example, in-home rehabilitation services)
- improve the service we provide to you by identifying training and development opportunities for our employees and representatives, and
- meet our obligations, or as authorised under applicable laws (such as the Anti-Money Laundering and Counter-Terrorism Financing Act and tax treaties).
Credit-related information we use
When you apply for a credit product, or act as guarantor for a person applying for a credit product, we collect information about you from credit reports provided by credit reporting bodies. We use this information, along with other credit-related information we have collected from you, to assess your application.
How we use your information to tell you about our products and services
We may use your personal information to tell you about products or services you request or that we think might benefit you. We may contact you in relation to these products and services by a number of means, including:
- by email
- using SMS, MMS or other electronic notification
- through social media and other digital platforms
- on our website or apps
- for the purpose of Open Banking, via the CDR consumer dashboard
- by mail, or
- by telephone.
We respect the rights of our customers to choose the material they want to receive and how they wish to receive it, including by electronic means. You can therefore choose to receive only the materials you want or opt-out of receiving marketing information from us by calling 13 29 39.
Who do we disclose information to and why?
We may share your personal information within the Australian Unity Group. This enables us to provide you with information about other products and services within the group, and to offer a streamlined customer-experience between businesses within the group.
We may also provide your personal information to selected third parties outside the Australian Unity Group to assist us to provide you with products and services, deliver technology or other support for our business systems, refer us to new customers, or assist us with marketing and data analysis.
To protect your personal information, we select service providers that we expect to comply with applicable Privacy Laws and to only use the personal information we disclose to them for the specific role we ask them to perform.
We also have agreements in place which set out the terms we expect our service providers to comply with, which include compliance with privacy and other Australian laws. Before, and during the agreement, we may ask for information to satisfy ourselves that they can and are complying with the terms of the agreement.
For example, we may disclose personal information to:
- your representatives (including your legal adviser, accountant, mortgage broker, financial adviser, executor, administrator, guardian, trustee, funeral director (for funeral bonds), attorney or family member)
- the holder of a health insurance policy (including sensitive and health information about benefits claimed under the membership unless you have requested that we not disclose this information)
- insurers and re-insurers
- authorised representatives and credit representatives who sell or arrange products and services on our behalf
- hospital and other health service providers, including to provide you with clinical services for a specific condition, such as in-home rehabilitation services; or when it is necessary to prevent or minimise harm or injury, or to allow for safe clinical handover and continuous medical management
- financial services organisations, including banks, insurers, superannuation funds, stockbrokers, custodians, fund managers and contracted service providers
- payment systems operators (for example, merchants receiving card payments)
- our contracted service providers, agents and contractors (for example, mailing houses, technology service providers and cloud storage providers)
- other organisations, who we partner with to offer or provide products or services to you, or who provide analytical or marketing services to assist us to improve the delivery of products and services, and to enhance our customer relationships
- our professional advisors such as financial advisers, legal advisers and auditors
- fraud bureaus or other organisations to identify, investigate or prevent fraud or other misconduct
- debt collectors
- external dispute resolution schemes, and
- regulatory bodies, government agencies and law enforcement bodies in any jurisdiction.
We may also disclose your information to others where:
- we are required or authorised by law
- Accredited Data Recipients (ADR) where we have obtained clear and specific consent from you and the sharing is to be executed as agreed with you, or
- you have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances.
When you apply for a credit product, or act as guarantor for a person applying for a credit product, we collect information about you from credit reports provided by credit reporting bodies.
To obtain a credit report we provide information to the credit reporting body:
- that identifies you
- the type of account you are applying for, and
- the amount you are applying for.
We may also provide information about the way in which you manage your account, such as:
- whether you make your repayments on time
- if you fail to make repayments
- if you default on your obligations to repay your credit contract, or
- if you commit a serious infringement, such as fraudulent behaviour, or deliberately fail to make your repayments
Home loan customers
Do we disclose information overseas?
We may disclose your personal information to service providers located overseas — including the United States, Canada, the United Kingdom, Ireland, India, Germany, New Zealand and the Netherlands. In some cases, our service providers may store personal information in countries that are not listed above if that is where their computer systems and/or IT services are located.
When we do disclose or store information overseas we take reasonable steps to ensure that your information is provided with the same level of protection as it is within Australia. We also comply with specific security standards prescribed by the CDR rules in relation to CDR Data.
We do this by only engaging with third parties located in a country which we believe has similar privacy laws to Australia, or by ensuring the third party is able to provide the same level of protection consistent with our Privacy Laws. We also have agreements in place which set out the terms we expect them to comply with, which include compliance with privacy and other Australian laws. Before, and during the agreement, we may ask for information to satisfy ourselves that they can and are complying with the terms of the agreement.
Where you ask us to disclose information to an overseas recipient, we may not take the above steps in relation to the management of your information. Where that overseas recipient is an ADR, we will comply with CDR obligations in relation that disclosure.
How do we hold and protect your information?
We will store most of the information we hold about you electronically. We store some of your information in secure data centres that are located in Australia and some with selected service providers (including cloud service providers) who may store your information outside Australia.
Some information we hold about you will be stored in paper files.
We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold including:
- information security such as passwords to control access to computer systems
- privacy training for our employees so that they know how to keep your information safe and secure
- physical security such as locks and security systems, over our paper and electronic data stores and premises
- access management controls, to prevent unauthorised people accessing our systems
- firewalls, and intrusion detection software security measures for our website and computer systems, and
- we also have in place processes designed to identify you when you deal with us by phone, online or face to face.
These processes are designed to ensure we only disclose your information to you, or someone properly authorised by you.
As a Data Holder in relation to CDR Data, we comply with the security controls obligations and security standards of the Privacy Safeguards of the CDR rules.
Unfortunately, no data transmission over the internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, for example, if you feel that the security of any account you have with us has been compromised, please contact us immediately on 13 29 39.
What you can do to protect your information
You need to keep your access details like your user name, password and PIN confidential and not share them or leave them somewhere that’s easy for others to access or find. Do not allow others to use your credentials and do not use words that are easily guessed e.g. “Password123!”.
Where you allow others to use your credentials or where your credentials are used by others, we will assume that they are you.
Let us know immediately if you suspect that there has been an unauthorised access to your information or use of your credentials.
You can also keep up to date with security information at:
a website run by the Australian Competition and Consumer Commission (ACCC). It provides information to consumers about scams.
ASIC’s moneysmart site provides consumers with information to manage their finances.
Where we no longer need your information, because we no longer need to keep it for a business purpose and the legal retention period for keeping this information has passed, we will either destroy or de-identify this information.
This Policy will not apply to our use of de-identified information because it is not information that identifies you.
How we will handle a data breach
In the event of any loss, or unauthorised access or disclosure of your personal information that is likely to result in serious harm to you, we will investigate and notify the Office of the Australian Information Commissioner and other relevant regulatory bodies, and notify you as required under Privacy Laws.
Accessing your personal information
You can request access to the personal information we hold about you by calling 13 29 39, emailing us via our website, or writing to us. Your request should include a detailed description of the information required. We will need to verify your identify before giving you access.
We will try to provide you with the information you asked for within 30 days. We will keep you updated as to the progress of your request.
What happens if we cannot provide you access to information?
In some cases, we can refuse access or only give you access to certain information (such as if this access may interfere with the privacy of other individuals or if this access may reveal commercially sensitive information). If we are unable to provide you with access to your information, we will inform you of the reasons why.
Correcting your information
If you believe that the information we hold about you is inaccurate, incomplete or out-of-date, please contact us by logging on to our website or phoning us on 13 29 39.
If we disagree with the request for correction, we write to you to let you know why we do not agree.
Correction of credit-related information
If you believe that incorrect information was provided to us by a credit reporting body, or information we have provided to a credit reporting body is incorrect, we will contact the credit reporting body and other credit providers, to investigate the accuracy of your information.
This can take up to 30 days. If we need longer we will let you know why. We will also tell you when we correct the information.
If we do not agree that the information is incorrect we will write to you to tell you why and tell you what you can do if you are not satisfied with our response.
Resolving your privacy concerns
If you need to resolve an issue or make a complaint about how we manage your personal information, you should contact us first and let us respond to your complaint. If you are not satisfied with our response, there are other steps you can take.
1. Get in touch with us directly
Contact us directly on 13 29 39 or email us through the website www.australianunity.com.au/contact-us
2. Escalate your complaint to the Complaints Team
If you are not satisfied with our response ask to speak to our Complaints Team
3. Contact Australian Unity’s Privacy Officer
Group Privacy Officer
Australian Unity Limited
Level 15, 271 Spring Street
Melbourne VIC 3000
4. Contact an external body
If you have followed these steps and are not happy with the outcome you can contact the relevant external body:
If it is regarding personal information or credit-related information:
Office of the Australian Information Commissioner
GPO Box 5218, Sydney, NSW, 2001
Phone: 1300 363 992
Fax : +61 2 9284 9666
If you are an Australian Unity banking customer, you can also contact:
Australian Financial Complaints Authority (AFCA)
GPO Box 3, Melbourne Vic 3001
Phone: 1800 931 678
Website: www.afca.org.au (you can make a complaint online)
Refusal of credit applications
We may refuse an application for consumer credit made by you individually or with other applicants.
Our refusal may be based on credit eligibility information obtained from a credit reporting body about you, another applicant or another person proposed as guarantor. If this occurs, we will give you written notice that the application has been refused on the basis of that information. We will tell you the name and contact details of the relevant credit reporting body and other relevant information.
Changes and getting a copy of the Policy
Accredited Data Recipient (‘ADR’)
means a participant within the CDR- Open Banking Regime, who has been accredited by the regulator to receive CDR data
means a participant within the CDR – Open Banking Regime (usually an institution (Bank)) that is holding the CDR information
Credit eligibility information
means information that has been obtained from a credit reporting body, or that has been derived from that information, that is about an individual's credit worthiness.
means personal information that includes the following:
- information about an individual, like their name and address, that we may use to identify that individual
- information about an individual's current or terminated consumer credit accounts and an individual's repayment history
- the type and amount of credit applied for in any previous consumer or commercial credit applications to any credit provider, where that credit provider has requested information
- information about an individual from a credit reporting body
- information about consumer credit payments overdue for at least 60 days and for which collection action has started
- advice that payments that were previously notified to a credit reporting body as overdue are no longer overdue
- information about new credit arrangements an individual may have made with a credit provider, in relation to consumer credit currently or previously held, to deal with any defaults or serious credit infringements by that individual
- information about court judgments which relate to credit that an individual has obtained or applied for
- information about an individual on the National Personal Insolvency Index
- publicly available information about an individual's credit worthiness, and
- an opinion of a credit provider that an individual has committed a serious infringement of credit provided by that credit provider.
means Credit information, Credit eligibility information and related information.