We understand that your privacy is important to you and we care about protecting the privacy and security of your personal information, including any sensitive and credit-related information.
We protect the personal information of our members and customers in accordance with Australian Privacy Laws.
This Policy sets out how Australian Unity1 handles your personal information. It explains:
|We’ll also provide you with more information about how we handle your information when you fill out an application, make a claim, or receive the terms and conditions of your product or service.
|Personal information includes any information or opinion that can identify somebody, such as name, address, date of birth, telephone numbers or driver’s license number.
The personal information we collect about you depends on the type of product or service you receive or request from us. We may also collect personal information from you, or third parties, to manage your accounts and services and to better understand you, your preferences and interests.
This information may include:
|At the end of this Policy, we have included an Appendix which outlines how we manage credit-related information. This is to be read in conjunction with other information in this Policy.
|Sensitive information includes information about a person’s racial or ethnic origin, political opinions, political association, religious beliefs or affiliation, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record, health information and genetic information.
We will only collect sensitive information if:
This may include:
You can remain anonymous or use a pseudonym if we do not need your personal information to provide a product or service.
You may choose not to disclose your personal information to us, but it may limit or prevent us from releasing records to you, dealing with you, managing emergencies effectively, providing you with products and services or letting you know about other products and services that might better suit your needs.
|In most cases we’ll collect personal information directly from you when apply for a product or service, use our website, apps, social media, talk to us, provide feedback, visit one of our offices or register for an Australian Unity program. There are times where we may collect information about you from other sources.
Sometimes we collect information about you from other sources including:
Where you have given us personal information about another person, for example a person you have authorised to act on your behalf, we expect you to tell those people that you have given us their information, and to tell them about this Policy.
Where we receive unsolicited personal information that we do not need to deliver products and services to you (for example, in correspondence that you may send to us), we will where reasonable to do so, destroy or de-identify this information. Where we retain this information, it will be subject to this Policy.
We collect information about our customers’ preferences and behaviours to help us administer and enhance:
We also monitor web traffic to make sure the website is available during peak periods.
Whenever anyone visits our website, online member services or apps, we collect data about their visit using ‘cookies’ to obtain information about how our website is being used. Until you log into our website, any browsing you do on our website is anonymous.
When you log on to our one of our online services, we will ask for information to identify you. We will also use the 'cookies' for security purposes. Our website also includes calculators which may require you to enter your personal details.
You may change the settings on your browser to reject cookies, however doing so might prevent you from accessing the secured pages of our website.
Our websites contain links to other sites, which are not subject to this Policy and our procedures. Refer to these websites directly to obtain their privacy policies and practices.
If you wish to opt out of us using your personal information to display targeted advertising on digital platforms, please call us on 13 29 39. To otherwise manage the ads you see on digital platforms, please visit the platform’s website (for example, Google Ad Settings or Facebook Ad Preferences).
|We use your personal information to provide you with products and services (including third party products and services) you’ve applied for, to identify you, to manage your account, improve the service you receive and assess your eligibility for Australian Unity Limited (AUL) membership. We also use this information to comply with our legal obligations.
Some specific uses include to:
We may use your personal information to tell you about products or services you request or that we think might benefit you, including via:
We respect the rights of our customers to choose the material they want to receive and how they wish to receive it, including by electronic means. You can therefore choose to receive only the materials you want or opt-out of receiving marketing information from us by calling 13 29 39. If you are an AUL member you can tell us how or if you want to see specific AUL member documents such as notices of meeting, annual reports and member marketing communications, by visiting our member portal at members.australianunity.com.au. Before accessing this website, you will need to register for a member portal account at australianunity.com.au/benefits.
|We may share your personal information within the Australian Unity Group, to selected third parties to assist us with providing you with products and services and to other parties you have consented to share your information with, or where we are required by law.
We may share your personal information within the Australian Unity Group. This helps us provide you with information about other products and services within the group, verify your personal information, assess your eligibility for AUL membership and offer a streamlined customer-experience across our group.
We may also provide your personal information to selected third parties outside the Australian Unity Group to assist us to provide you with products and services, deliver technology or other support for our business systems, refer us to new customers, or assist us with marketing and data analysis.
To protect your personal information, we select service providers that we expect to comply with applicable Privacy Laws and to only use the personal information we disclose to them for the specific role we ask them to perform.
We also have agreements in place which set out the terms we expect our service providers to comply with. We may ask for information to satisfy ourselves that they can comply, and are continuing to comply, with the terms of the agreement.
For example, we may disclose personal information to:
We may also disclose your information to others where:
|We may disclose your personal information to service providers located overseas. When we do disclose or store information overseas, we take reasonable steps to ensure that your information is provided with the same level of protection as it is within Australia.
We may disclose your personal information to service providers located overseas — including the United States, Canada, the United Kingdom, Ireland, India, Germany, New Zealand and the Netherlands. In some cases, our service providers may store personal information in countries that are not listed above if that is where their computer systems or IT services are located.
When we do disclose or store information overseas, we take reasonable steps to ensure that your information is provided with the same level of protection as it is within Australia. We also comply with specific security standards prescribed by the CDR rules in relation to CDR Data.
We do this by only engaging with third parties located in a country which we believe has similar privacy laws to Australia, or by ensuring the third party can provide the same level of protection consistent with our Privacy Laws. We have agreements in place which set out the terms we expect them to comply with, which include compliance with privacy and other Australian laws. Before entering the agreement, and throughout the engagement, we may ask for information to satisfy ourselves that they can comply, and continue to comply with the terms of the agreement.
Where you ask us to disclose information to an overseas recipient, we may not take the above steps in relation to the management of your information. Where that overseas recipient is an ADR, we will comply with CDR obligations in relation to that disclosure.
We use a range of physical, electronic, and other security measures to protect the security, confidentiality, and integrity of the personal information we hold about you.
Most of the information we hold about you is stored electronically, and some information will be stored in paper files.
We store most of the information we hold about you electronically. Some of your information is in secure data centres that are located in Australia and some with selected service providers (including cloud service providers) who may store your information outside Australia.
The security measures we use to protect your personal information include:
As a Data Holder in relation to CDR Data, we comply with the security controls obligations and security standards of the CDR Privacy Safeguard Guidelines.
Unfortunately, no data transmission over the internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that the security of any account you have with us has been compromised, please contact us immediately on 13 29 39.
Keep your access details, like your username, password and PIN, confidential and don’t share them or leave them somewhere that’s easy for others to access or find. Don’t allow others to use your credentials or use words that are easily guessed.
Where you allow others to use your credentials or where your credentials are used by others, we will assume that they are you.
Let us know immediately if you suspect that there has been an unauthorised access to your information or use of your credentials.
Where we no longer need to keep your information for a business purpose and the legal retention period for keeping this information has passed, we will either destroy or de-identify this information.
This Policy will not apply to the use of de-identified information — information where identifiers that could be used to identify you have been removed — because it is not information that identifies you.
In the event of any loss, or unauthorised access or disclosure of your personal information that is likely to result in serious harm to you, we will investigate and notify the Office of the Australian Information Commissioner and other relevant regulatory bodies, and notify you as required under Privacy Laws.
|Any queries about access and correction to your personal information should be directed to 13 29 39, emailing us via our website, or writing to us.
Your request should include a detailed description of the information required, including enough information so we can verify your identity and, if necessary, your right to the information (e.g., you have consent or guardianship orders) .
We will try to provide you with the information you asked for within 30 days. We will keep you updated as to the progress of your request.
In some cases, we can refuse access or only give you access to certain information, such as if this access may interfere with the privacy of other individuals or if this access may reveal commercially sensitive information.
If you’ve accessed one of our services anonymously or by using minimal identifiers (e.g. just a first name and postcode or contact number) we may not be able to provide you access to personal information if we can’t reasonably identify you.
If we’re unable to provide you with access to your information, we’ll inform you of the reasons why.
If you believe that the information we hold about you is inaccurate, incomplete or out-of-date, please contact us with the details of your correction request.
If we disagree with the request for correction or, by law, correction is not possible (e.g. Health data), we’ll write to you to let you know why.
To resolve an issue or make a complaint about how we manage your personal information, contact us first and let us respond to your complaint.
Contact us directly on 13 29 39 or email us through the website
|Escalate to our complaints teams
If you are not satisfied with our response, ask to speak to our Complaints Team.
|Contact Australian Unity’s Privacy Officer
Group Privacy Officer
Australian Unity Limited
Level 15, 271 Spring Street
Melbourne VIC 3000
|Contact an external body
If you’ve followed these steps and you’re not happy with the outcome, you can contact the relevant external body:
Office of the Australian Information Commissioner
GPO Box 5218, Sydney, NSW, 2001
Phone: 1300 363 992
Fax : +61 2 9284 9666
If you are an Australian Unity banking customer, you can also contact:
Australian Financial Complaints Authority (AFCA)
GPO Box 3, Melbourne Vic 3001
Phone: 1800 931 678
Website: www.afca.org.au (you can make a complaint online)
Australian Unity Limited and its subsidiaries are subject to the same standards for handling of personal information, regardless of which services they provide. Australian Unity Limited businesses include our dental centres, wealth, financial planning, bank, general insurance, private health insurance, trustee services, retirement villages, home care services, aged care services, and disability services. Our subsidiaries include but are not limited to:
The credit reporting provisions in this Policy apply to Australian Unity Bank Limited because it provides consumer credit products and services to its retail banking customers and handles credit-related information.
Additional information about how Australian Unity Bank Limited collects, uses, discloses credit related information (a subset of personal information) is outlined below.
|Credit-related information is a type of personal information that includes “credit information” and “credit eligibility information”. The glossary end of this Policy contains definitions of these terms.
When you apply for credit, give a guarantee, or have a credit product with Australian Unity Bank Limited, we collect credit-related information relevant to your application. We also collect credit information for ongoing management of your account.
Some of the information we collect is:
If you apply for credit or give a guarantee or have a credit product with Australian Unity Bank Limited, we collect personal information and credit-related information about you from third parties, such as:
When you apply for a credit product, or act as guarantor for a person applying for a credit product, we collect information about you from credit reports provided by credit reporting bodies. We use this information, along with other credit-related information we have collected from you, to assess your application.
To obtain a credit report, we provide information to the credit reporting body:,/p>
We may also provide information about the way in which you manage your account, such as:
You can access their respective policies on their websites:
If you require mortgage insurance, we share your personal and credit-related information with our mortgage insurer Genworth Financial Mortgage Insurer Insurance Pty Ltd.
We may refuse an application for consumer credit made by you or with other applicants.
Our refusal may be based on credit eligibility information from a credit reporting body about you, another applicant or another person proposed as guarantor. If this occurs, we’ll give you written notice that the application has been refused based on that information. We’ll tell you the name and contact details of the relevant credit reporting body and other relevant information.
Credit reporting bodies collect credit information about individuals which they provide as credit reports to credit providers (for example, Australian Unity Bank Limited), and others in the credit industry to help with managing credit risk, collecting debts and other activities.
You can also ask a credit reporting body through contact details on their website, not to use or disclose your personal information if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud, including identity fraud.
If you believe incorrect information was provided to us by a credit reporting body, or information we have provided to a credit reporting body is incorrect, we’ll contact the credit reporting body and other credit providers to investigate the accuracy of your information.
This can take up to 30 days. If we need longer, we will let you know why. We will also tell you when we correct the information.
If we do not agree that the information is incorrect, we will write to you to tell you why and what you can do if you are not satisfied with our response.
|Accredited Data Recipient (‘ADR’)
|A participant within the CDR- Open Banking Regime, who has been accredited by the regulator to receive CDR data.
|Australian Privacy Laws
|The Privacy Act 1988 (Cth) (Privacy Act), Privacy (Credit Reporting) Code 2014, Consumer Data Right (CDR) Privacy Safeguard Guidelines and other applicable laws in relation to the handling of personal information.
|Consumer Data Right. This is a reform that enables individual and small business consumers to efficiently and conveniently access specified data about them held by businesses (data holders), and to authorise the secure disclosure of that data to accredited data recipients or to themselves.
|Data that has been defined by the Consumer Data Right rules under one of the following groups of data: product data (to which Privacy safeguards do not apply), customer data, account data and transaction data.
|Credit eligibility information
|Information that has been obtained from a credit reporting body, or that has been derived from that information, that is about an individual's credit worthiness.
|Personal information that includes the following:
|Means Credit information, Credit eligibility information and related information.
|A participant within the CDR – Open Banking Regime (usually a Banking institution) that is holding the CDR information.
|Any information or opinion that can identify somebody, such as your name, address, date of birth, telephone numbers, or driver’s license number.
|Personal information that is given a higher level of protection under the Privacy Act. It includes information about a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliation, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record, health information and genetic information.