Heritage Bank Privacy Policy

Heritage and People’s Choice Limited ABN 11 087 651 125 (HPC) operates under the trading names “Heritage Bank” and “People’s Choice Credit Union”. This Heritage Bank Privacy Policy (Privacy Policy) sets out how HPC trading as Heritage Bank deals with individuals’ (you, your) personal information (including credit-related information), as well as HPC’s legal obligations and rights as to that information.  If HPC agrees with you to use or disclose any of your personal information in ways which differ to those stated in this Privacy Policy, the provisions of that agreement will prevail to the extent of any difference. Information about how HPC deal with information about employees and contractors is in section 15.  Any reference to “Heritage”, “us”, “we”, “our” in this Privacy Policy means HPC trading as Heritage Bank. Any reference to “HPC” in this Privacy Policy means HPC trading as Heritage Bank and/or People’s Choice Credit Union (as the case may be).

Where we are trading as People’s Choice Credit Union, a different written privacy policy applies - available at peopleschoice.com.au/privacy and People’s Choice Credit Union branches - which sets out how HPC manages personal information (including credit-related information) received by HPC trading as People’s Choice Credit Union.

We value the ongoing trust you place in us and consider the protection and maintenance of your personal information to be of the utmost importance.  When handling your personal information, we are bound by the Australian Principles of the Privacy Act 1988.  We are also bound by Division 3 of Part IIIA of the Privacy Act and the Credit Reporting Privacy Code (CR Code), which regulates the handling of credit information, credit eligibility information and related information by credit providers, like us and the credit reporting bodies (CRBs) we use such as:

• Equifax Pty Ltd (equifax.com.au)
  
• Dun & Bradstreet (Australia) Pty Ltd trading as illion Australia (illion.com.au)
  
• Experian Australia Pty Ltd (experian.com.au)

This Privacy Policy outlines how we deal with your personal information (including credit-related information), as well as our legal obligations and rights as to that information.  We reserve the right to change our Privacy Policy at any time and will notify you by posting an updated version on our website.  For more information on the privacy policies of CRBs refer to their respective websites. 

We may tell you more about how we handle your information for example when you complete an application form, receive terms and conditions, or a Product Disclosure Statement.  When you receive this information, please consider it carefully.  

Personal information is information or opinion about you that may identify you or by which your identity may be reasonably determined.  The types of personal information that we collect and hold may include the following information about customers and potential customers of HPC and associated persons (such as guarantors, or third parties who share commitments or expenses with a person who has applied for a Heritage credit product) which is relevant to our relationship with that person.  This information includes:

• general information such as an individual’s name, contact details (including postal address, email address and telephone numbers) date of birth, financial details such as income, savings and lending history and expenses or tax file number, gender, marital status and the reason a person might be applying for a financial product from us;
• “sensitive information” such as information or opinion about an individual’s health, religious beliefs, race or ethnic origin. If there are circumstances where we need to collect or disclose sensitive information, we will ask your consent (unless required or permitted by law);
• information that we record about an individual during our relationship with them including about their transactions, the products they hold and the services HPC provide to them;
• “credit information” which includes identification, employment history, consumer credit liability information, repayment history information, financial hardship information, credit enquiry, type of credit sought, default information, court proceedings and personal insolvency information, publicly available information that relates to the individual’s credit worthiness and information about serious credit infringement. We will hold all of this information about an applicant for credit, a guarantor, or related person (for example, a director of a company which has applied for credit);
• “credit eligibility information” which means information that has been obtained from a CRB (e.g. a consumer credit report), or personal information that has been derived from that information, that is about an individual’s consumer credit worthiness. The kind of information we might derive from an individual’s consumer credit report includes a credit assessment relating to the individual, an unsuitability assessment, relating to the individual and any internal credit scores;
• If you are under the age of age sixteen [16], where reasonably practicable, we will seek the consent of your parent or guardian before collecting your personal information.

We will only ask for personal information (including credit information and credit eligibility information) relevant to our business relationship with you and we will tell you why we are asking for it when we collect it.  If you do not provide some of your personal information, we may not be able to provide you or a person with whom you are associated with some of our products or services, or we may be required to restrict operation of a financial product.

Personal information may be collected from you:

• to check your eligibility for or to provide you or some associated person (for example, a person you are acting as guarantor for, or a company you are a director of, or a person with whom you share commitments or expenses) with financial products or services;
• (unless you ask us not to) to send you information about products or services offered by HPC or those provided by third parties with whom HPC have a business relationship;
• to assist you with your enquiries or concerns including managing a complaint or dispute;
• to verify your identity and undertake customer due diligence;
• to send you surveys or requests for feedback in relation to HPC, our Heritage Bank brand, our People’s Choice Credit Union brand and/or any products and services provided by HPC under our Heritage Bank or People’s Choice Credit Union brands;
• protecting the rights of HPC and its representatives;
• for research, training, product and service development, risk assessment, risk modelling, fraud detection and marketing requirements; and
• for any other purpose required or authorised by law.

If you have a credit facility with us or are a guarantor, we may also collect your information for the purpose of collecting overdue payments relating to credit you owe or a guarantor you have given and for our internal management purposes related to credit provided.

We may also ask for your personal information because we are obliged to collect it under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, which requires us to ask you for information to check your identity (for instance, by referring to your driver’s licence, birth certificate or passport).

The National Consumer Credit Protection Act 2009 (Cth) may also require us to make reasonable enquiries when you or a person with whom you share commitments or expenses apply for credit or a credit limit increase.

We may collect your TFN in order to calculate our withholding obligations as authorised by the Taxation Administration Act 1953 and the Income Tax Assessment Act 1936.  You are not required to provide your TFN, however if you do not, we may be required to withhold amounts from you and remit them to the Australian Taxation Office.

We collect most personal information directly from you.  We may do this when you apply to become a customer, complete an application for one of HPC’s products and services, deal with us over the telephone, communicate by post or electronically (such as via email, SMS, or social media), through mobile or tablet applications, using our internet banking services, or visiting our website or one of our branches (including our community branches).

We may monitor and/or preserve telephone calls, video calls, postal or email transmissions for the purpose of staff training, quality assurance, security reasons, to verify statements made and to assist with our complaint management process. 

The technology “cookies” may be used to collect statistical information on our website or online banking.  Cookies may also be used for other purposes which help us further enhance our service such as collecting preferences, geographical information and to auto populate.  You are able to use your browser settings to manage cookies including preventing the acceptance of some or all cookies.  For more information on adjusting browser settings and system requirements please see our website heritage.com.au.  If personal information about you is collected by third parties on any website you have accessed through our websites, we may also collect or have access to that information as part of our arrangement with those third parties.

Sometimes, such as where we need to verify your identity, undertake customer due diligence, prevent or detect money laundering or terrorist financing and where we are required or authorised by law, we may obtain personal information (including credit information and credit eligibility information) about you from our other brands or a third party.  These third parties may include banks, financial advisers, family members, your employer, medical practitioners, CRBs, government authorities and publicly available sources of information.

You may not have a Heritage branded product or service, but you may interact with or through HPC for some other reason for example, as a claimant under our insured’s policy, as a recipient of another HPC product or service, as a witness in an accident, as a spouse or family member of a customer, as someone who shares commitments or expenses with a person who has applied for an HPC credit product, when entering a competition or commenting via social media.  We will collect, use, and disclose your personal information in accordance with this Privacy Policy and any Privacy Statement you may receive when you interact with us.

We store your personal information (including credit information and credit eligibility information) in a number of ways including:

• in computer systems or databases including cloud storage;
• in hard copy or paper files; and
• in telephone recordings.

This may include storage on our behalf by trusted third party service providers.

The security of your personal information is important to us, and we take all reasonable precautions to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure.  Some of the ways we do this are:

• confidentiality requirements of HPC employees;
• document storage security policies;
• returning documents to you or destroying data when no longer required in a secure manner or by de-identifying;
• security measures including passwords for access to our systems;
• only giving access to personal information to a person who is verified to be able to receive that information;
• having confidential face-to-face discussions between you and us in a secure environment;
• controlling the access to our buildings; and
• electronic security systems, such as firewalls, virus software and data encryption on our websites.

Additional information about the security systems we employ is available at heritage.com.au

Whilst we take all reasonable measures, no data transmission over the internet can be guaranteed to be totally secure.

To assist us we expect you to take appropriate steps to ensure security of your information including keeping your access passwords confidential, destroying any documentation we send to you containing your access passwords and logging out properly when you leave your computer.

We may disclose your personal information (including credit information and credit eligibility information) across any HPC brand, to third parties where they help us with our businesses, where it is required or authorised by law, or you consent to us doing so. Where your personal information is disclosed to third parties, we will seek to ensure that the information is held, used, or disclosed consistently with the Australian Privacy Principles in Part IIIA of the Privacy Act 1988 and the CR Code.

Types of third parties include:

• parties involved in providing, managing or administering HPC’s products or services and assisting HPC with its businesses such as third-party suppliers, printers, bulk mail services, statement production providers, market research companies, authorised representatives and legal, tax, audit and accountancy advisers;
• parties maintaining, reviewing and developing HPC business systems, procedures and infrastructure including updating and maintaining data, testing or upgrading computer systems;
• alliance partners, for example, where you have a co-branded product such as the Heritage Visa credit card;
• advisers or agents which may include lawyers, mortgage brokers, real estate agents, financial advisers, insurance companies, executors, administrators, trustees, or attorneys;
• CRBs, debt collecting agencies, document verification services, your guarantors, or insurers of a security property;
• lenders mortgage insurers (if insurance is required because the amount you borrow exceeds a certain percentage of the security property’s value);
• parties involved in what is known as ‘securitisation’, under which we sell a pool of home loans. These third parties include trustees of securitisation arrangements, lenders mortgage insurers, investors, and their advisers;
• other financial institutions, merchants, and payment organisations; and
• The Australian Financial Complaints Authority (AFCA), the Office of the Australian Information Commission (OAIC) and other relevant external bodies who deal with disputes.

We may also disclose your personal information (including credit information and credit eligibility information) to third parties in circumstances where:

• HPC must fulfill legal obligations (for example, disclosure to Australian (and international) enforcement bodies such as the Australian Securities and Investments Commission (ASIC), the Australian Taxation Office (ATO), the Australian Transaction Reports and Analysis Centre (AUSTRAC), Centrelink or the Courts) or where you are under 16 or have special needs your information may be shared with your parent, legal guardian or any person appointed to manage your affairs;
• it is in the public interest (that is, to protect HPC’s interests or where we have a duty to the public to disclose, or where it is necessary in proceedings before a court or tribunal), where we reasonably consider it to be in your interests or where a crime or fraud is committed or is suspected;
• it is for the purposes of preventing or managing the risks associated with a communicable disease (for example, COVID-19). In these circumstances, personal information (including sensitive information) may be used or disclosed for these purposes including tracing individuals, notifying individuals who may have been exposed and advising relevant Government authorities and agencies;
• it can be reasonably inferred from the circumstances that you consent to your personal information being disclosed to a third party; or
• HPC is permitted or compelled by law to disclose the information.

Your personal information may be sent outside Australia where, for example:

• you have requested or consented that we send your personal information;
• HPC outsource a function or service to an overseas contractor with whom HPC have a contractual arrangement; or
• it is necessary to investigate or facilitate a transaction on your behalf.

We will not send your personal information outside Australia unless it is authorised by law, and we are satisfied that the recipient of the personal information has adequate data protection arrangements in place. Overseas organisations may be required to disclose information we share with them under a foreign law.  In those instances, we will not be responsible for that disclosure. The countries to which we are likely to disclose your personal information include New Zealand, Singapore, India, China, United Kingdom, Japan, France, Philippines, Canada, Germany, the Netherlands, and the US.

If you would like to access, update, or request a correction to your personal information held by us you can do so using any of the methods listed under “How to contact us.”

You may request access to your personal information (including credit information and credit eligibility information) held by us at any time. Prior to providing you with access to your information we may require you to establish your identity. We are able to deny access to some or all of your personal information in specified circumstances but will provide the reasons in writing.  In some cases we may charge a fee to access personal information for example when it has been archived, but we will advise you first.

It is important that you advise us as soon as possible if there is a change to your personal information that needs updating. If you have new contact details (such as postal address, email address or telephone numbers) you should let us know immediately.  You may request that we correct any personal information (including credit information and credit eligibility information) we hold about you at any time.  If your request relates to credit related information provided by others, we may need to consult with credit reporting bodies or other credit providers.

If you wish to make a complaint regarding the handling of your personal information you can let us know by:

• Phoning us on 1800 797 799 (free call)
• Emailing us at complaints@heritage.com.au
• Visiting your nearest Heritage Bank branded branch and talking to our staff
• Writing to us at PO Box 190, Toowoomba QLD 4350
• Using the online form at heritage.com.au/complaints

Your complaint will be managed in accordance with our Complaint Management Promise, which includes information about accessibility options, and is available on our website at heritage.com.au or by contacting us.

We will acknowledge your complaint promptly, either verbally or in writing and do our best to resolve it straight away.  We aim to resolve all complaints within 21 days, however in some cases it may take up to 30 days.  Your complaint may take a little longer to assess if we need more information or if your complaint is complex.  In all cases we’ll keep you updated on the progress.

If you are not satisfied with our response, you may request a review by the Australian Financial Complaints Authority (AFCA).  AFCA provides free and independent financial services complaint resolution.

You may also obtain further information about privacy or refer a privacy complaint by contacting the Office of the Australian Information Commissioner:

The Office of the Australian Information Commissioner 
GPO Box 5218
Sydney NSW 2001
Ph: 1300 363 992
Website: www.oaic.gov.au
Email: enquiries@oaic.gov.au

Should you have any concerns or if you would like further information regarding the handling of your personal information you can get in touch using any of the following methods:

Changes to this Policy

We can make changes to this policy at any time and the latest version will always be available online and in our branches.

Our employees and contractors

Where you apply to work with HPC as an employee or contractor, HPC may use your personal information for the purpose of understanding your qualifications, experience and suitability for employment or a contract, and otherwise assessing your application. 

HPC collect information in relation to employees as part of their application and during the course of their employment, either from them or in some cases from third parties such as recruitment agencies.  This may include information about the employee’s health, their right to work in Australia, or other sensitive information.  For some roles, employees may need to provide a criminal history search.

Under the Privacy Act, personal information about a current or former employee may be held, used, or disclosed in any way that is directly connected to the employment relationship.  HPC handle employee information in accordance with legal requirements and applicable policies in force from time to time.

Where HPC engage you as a contractor, we use your personal information to manage the working relationship with you, to communicate with you, and for other purposes relevant to the work for which you are engaged.