www.commbank.com.au
2.16.204.140  Public Scan

Submitted URL: https://www.commbank.com.au/security-privacy/general-security/privacy.html
Effective URL: https://www.commbank.com.au/support/privacy.html
Submission: On January 12 via api from UA — Scanned from PL

Form analysis 0 forms found in the DOM

Text Content



GROUP PRIVACY STATEMENT

We take our responsibility to protect your privacy very seriously. We apply
strict security and privacy controls to the way we handle your personal
information.

 * About this statement
 * Collection, use & sharing
 * Securing your information
 * Your credit information
 * Accessing your information
 * We’re here to help

About this statement


1. ABOUT THIS PRIVACY STATEMENT

 * Each member of the CommBank Group collects and handles your personal
   information in accordance with its legal obligations, including those under
   the Privacy Act 1988 (Cth).
   
   The Commonwealth Bank of Australia and its subsidiaries (the CommBank Group)
   provide or distribute a wide range of banking, finance, insurance, funds
   management, financial planning and advice, superannuation, stockbroking and
   other services.
   
   This Statement describes how your personal information and credit information
   is collected and handled by the following members of the CommBank Group:
   
    * the Commonwealth Bank of Australia
    * Commonwealth Securities Limited (CommSec)
    * Commonwealth Private
    * CBA Services Private Limited
    * our international branches in China, Hong Kong, Tokyo (Japan), Singapore,
      London (United Kingdom), New Zealand and New York (the United States of
      America)
    * Commonwealth Bank of Australia (Europe) NV.
   
   If you are located in the European Economic Area or the United Kingdom, or if
   you are a customer of our China, Hong Kong, Singapore or Tokyo branches, you
   may have additional rights. See additional rights at the end of this page for
   more information. 

Collection, use & sharing


2. COLLECTION, USE AND SHARING


 * 2A. WHAT INFORMATION DO WE COLLECT?
   
   We collect your personal information directly from you most of the time,
   however on occasion, we may also collect information about you from other
   people and organisations.
   
   
   We collect personal information when you:
   
    * enquire about, apply for, or use our products or services
    * contact us to make an enquiry or give us feedback
    * visit our website or use our digital services
    * participate in other activities we offer, such as competitions or surveys
    * talk to us or do business with us.
   
   While we are required to collect some types of personal information to meet
   our legal obligations, we do attempt to keep our collection of your personal
   information to what is necessary to offer you the products and services you
   require. Depending on those products and services, or your interactions with
   the members of the CommBank Group, we may collect the following types of
   personal information:

Types of personal information
What kinds of personal information might be involved
Personal and contact details
This may include your name, address, email address, phone number, and date of
birth.
Australian Government related identifiers and identity documents
These may include your:
 * Tax File Number and country of tax residency
 * Medicare card, Australian passport, driver licence, or pension card details
 * Securityholder Reference Number (SRN) or Holder Identification Number (HIN)
 * citizenship, birth, death and marriage certificates (for example, to verify
   your identity).

Foreign government identifiers and identity documents
This may include foreign government identity documents and identifiers such as:
 * tax identification number and country of tax residency
 * foreign passport and driver licence (for example, to verify your identity at
   the time you request a product or service).

Financial information
This may include:
 * details of your employment, income, assets, financial liabilities
   
 * copies of bank statements and credit card statements from other financial
   institutions
 * information from third parties about your credit history and insurance claims
   history.

Credit information
See Credit Reporting (Your credit information, Section 4) for the types of
credit information that we collect.
Transaction information
This includes information about transactions that you have made using our
products and services or in relation to CommBank Group securities. For example,
your credit card transactions or ATM (Automatic Teller Machine) withdrawals, or
payee details.

Socio-demographic information
This may include your marital status, age, gender, number of dependents,
occupation and nationality, for example when you apply for a home loan. 
Interaction information
This includes details of your interactions with us, such as when you visit a
branch, call us, use our online services (such as NetBank, CommBiz or CommSec),
make an enquiry, provide feedback, or make a complaint.
Digital information
We collect information from you electronically when you use our online
services (such as NetBank, CommBiz, CommSec or our CommBank App). This includes
information such as:
 * location information (if enabled on your device)
 * IP address
 * information about the electronic devices (computers, mobile phones or
   tablets) you use to access our platforms and how you use them, including
   details relating to your devices, their operating systems, browsers, other
   installed applications and settings
 * details of the wi-fi network or mobile network used by your device
 * type of authentication used (for example touch ID or face ID)

More information about the digital information we collect is available in the
Privacy Collection Notice for NetBank and the CommBank app. Importantly, we do
not link this information to you unless we need to access these details for
fraud or security reasons. Find out more about the types of cookies we use and
why.
Behavioural information
This includes information that we generate about how you use our products and
services. For example, if you use our banking services, we may generate
information about your spending patterns so we can help you manage your money.
Call recordings
On occasion, we monitor and record our calls with you. We will let you know if
we are doing this.
Camera surveillance
For the safety of our staff and customers, we use camera surveillance, such as
CCTV, to monitor CommBank premises.
Sensitive information
On occasion, we collect and handle sensitive information. This may include:
 * health information (where this is relevant to an insurance policy, claim or
   if you're in financial difficulty and ask for hardship relief due to illness)
 * race or ethnicity (for example we may ask you what language you speak if you
   request a translator to communicate with us)
 * criminal history and political affiliation, where it is relevant for our
   regulatory and/or legal obligations
 * biometric information (such as fingerprints or face), where this information
   is collected and used for the purpose of automated biometric verification,
   biometric identification, or behavioural profile information (such as your
   keystroke typing patterns or scrolling or swiping activity) while you
   interact with us digitally, to detect suspicious financial and cyber
   activities, including fraud.

Information about your personal circumstances
On occasion, we may ask you to provide information about your personal
circumstances so we can support you during any financial difficulties. This may
include:
 * information about significant life events (such as a relationship breakdown
   or a death in the family)
 * information about family and domestic violence
 * where you have been impacted by an emergency event or a natural disaster
 * any unexpected changes to your financial situation (such as losing a job or
   incarceration)
 * details of injury, illness, gambling or addiction.  

Publicly available information
On occasion, we may collect and handle information that is in the public domain,
such as from:
 * online forums, websites, Facebook, Twitter, YouTube or other social media
   (for example, if you use social media to make a complaint)
 * public registers (for example, those kept by the Australian Securities and
   Investments Commission or Land Registry Services).  

See ‘Who do we share your information with?’ (Collection, use & sharing, Section
2C) for details of third parties we may share information with. 


  


 * 2B. HOW DO WE USE YOUR INFORMATION?
   
   We use your information to deliver our products and services. We also use
   your information for other reasons, such as to better understand you, your
   needs, and to let you know about other products and services you might be
   interested in.
   
   Here is a list of the ways we may use your personal information. 

Purpose
How we use your personal information
Serving you as a customer
We use your information to deliver our products and services including to:
 * assess and process your applications for products and services
 * administer and manage existing products or services you have with us
 * manage our relationship with you or your business
 * improve our service to you and your experience with us
 * communicate with you or your representatives about our products and services
 * let you know about other products and services that may be of interest to you
 * respond to your enquiries about our products and services, including with
   GenAI.

Improving our business
We use your information to improve the products and services we provide through
activities such as:
 * reviewing customer feedback and assessing how you use our products and
   services
 * testing and validating the effectiveness of products, services and system
   enhancements
 * monitoring and reviewing call recordings, online chats and other business
   activity for quality assurance, training and compliance purposes
 * we may also use any information you provide through our online chat to
   improve our automated responses generated with GenAI.

Managing our operations
We use your information to manage our operations including to:
 * deliver our products and services
 * make and manage customer payments and transactions
 * manage fees, charges and interest due on your products and services
 * collect and recover money that is owed to us, this may be done through third
   party debt collectors and debt purchasers
 * respond to complaints and seek to resolve them
 * manage our share register and security holder records.

Managing security, risk and crime prevention
We use your information to:
 * prevent, detect and investigate suspicious or fraudulent activities
 * use payee details collected as part of transactions to provide additional
   fraud prevention measures and systems
 * monitor our properties, for example using camera surveillance to ensure the
   safety of our people and customers
 * investigate health and safety incidents involving our people and customers
 * support the management of our information security and network controls to
   prevent cyber-attacks, unauthorised access and other criminal or malicious
   activities.

To comply with our legal obligations
Where required, we use your personal information to comply with the law,
including our regulatory obligations, including to:
 * confirm your identity
 * share relevant information with law enforcement agencies, tax authorities and
   other regulatory bodies
 * screen applications and monitor accounts to identify criminal activity such
   as fraud, terrorist financing, bribery, corruption and money laundering
 * investigate financial crime.

Managing our business
We use your information to run our business in an efficient and proper way. This
includes managing our financial position, business capability and planning,
testing systems and processes, as well as managing communications, corporate
governance, and audit.
Performing analytics activities
Sometimes we combine information we have about you and our other customers, for
example transaction information, with data from other sources, such as third
party websites or the Australian Bureau of Statistics. We use this information
to:
 * help us understand trends in customer behaviour including how products and
   services are used
 * improve the products and services we offer
 * improve the quality of our data
 * develop products and services that better meet our customers’ needs and
   behaviours
 * understand and manage our risks better.

De-identifying information
Sometimes we de-identify your personal information, for example demographic
profile information, transaction information, loan and repayment information
(including security information), loan application information and savings
information that we hold and use this to:
 * provide insights and analytics services to, and
 * share de-identified information with, businesses and government.

These services help businesses to learn about general characteristics of groups
of customers, their general spending patterns, as well as spending behaviour and
market share. They also help businesses to refine their marketing and targeting
strategies. They help to provide economic and social insights, including to
government. See an example of how we use data in this way and some of the
privacy treatments we use to de-identify personal information. 
Sales or acquisitions
We may also use your personal information to support any changes to the
ownership of products or services or the make-up of the CommBank Group. For
example, we may:
 * sell, transfer, or merge parts of our business, or our assets, including
   products or services
 * bring other businesses into the CommBank Group
 * stop providing a particular product or service.

When we do this, we may share your personal information with other members of
the CommBank Group or other parties involved, where appropriate. 
Determine your eligibility for credit
See Credit Reporting (Your credit information, Section 4) for how we use your
credit information.

We may also collect, use and share your information for other reasons where the
law allows or requires us to.

Direct marketing

From time to time, we may also use your personal information to tell you about
products and services we think may be of interest and value to you, but we will
stop if you tell us to.

We may contact you by various means, including by mail, telephone, email, SMS or
other electronic means, such as through social media or targeted advertising
through CommBank websites or through our online banking services.

If you do not want to receive direct marketing offers from us, you can opt-out
by:

 * updating your message preference settings in your online services (such as
   NetBank, CommBiz or CommSec)
 * contacting us using the details in Further Information, Section 6a.

We may first require you to log into your NetBank account or otherwise identify
yourself.


  


 * 2C. WHO DO WE SHARE YOUR INFORMATION WITH?
   
   We may share your information with third parties for the reasons mentioned in
   How do we use your information? (Collection, use & sharing, Section 2b), or
   where the law otherwise allows or requires us to.
   
   The types of third parties are listed below. 

Type of third party
Description
Other members of the CommBank Group
We may share your information between members of the CommBank Group. You can
read about how CommBank Group members may use your information in How do we use
your information? (Collection, use & sharing, Section 2b).
Authorised Third Parties
We may share information with third parties where you have authorised us to do
so or where we are legally required. They include:
 * third parties that you have authorised to act for you (such as accountants,
   financial counsellors, legal representatives, agents, mortgage brokers,
   financial advisors, or a person with Power of Attorney)
 * your parent or legal guardian (if you are under 14 years)
 * guarantors and other security providers.

Third Parties that can verify your information
This includes organisations that can verify information that you have supplied
when applying for a product or service, or making a claim, including:
 * your employer, to verify your employment status
 * your doctor, to verify your medical history
 * other banks and financial institutions that you may have products and
   services with.
 * commercially available third party databases
 * credit reporting bodies and credit providers (see Your credit information,
   Section 4).

Our Service Partners
We may share your information with our service partners, external service
providers and other organisations that help us to supply products and services.
These include:
 * organisations that we partner with to supply products and services, for
   example, payment and shopping services, mortgage insurers, loyalty program
   partners and our product distributors.
 * external service providers that we engage to do some of our work for us, for
   example mailing houses, debt recovery agencies, legal service providers and
   information technology, cloud service providers and market research
   companies.
 * external technology service providers that support GenAI (such as Microsoft).
 * people who help us process applications and claims (like assessors and
   investigators).
 * organisations involved in our funding arrangements (like loan purchasers,
   investors, advisers, researchers, trustees and rating agencies).
 * auditors, insurers and re-insurers
 * organisations that assist us to identify, investigate or prevent fraud or
   other misconduct.
 * our share registry service provider
 * Organisations that provide us with information, including publicly available
   information, so we can tell you about products and services we think may be
   of interest and value to you (for example, property insights services). If
   you do not wish for your information to be used in this way you can tell us
   by opting out of receiving direct marketing communications (see 2b. Direct
   Marketing).

 
Strategic Referral Partners
We may share your information with external parties with whom CBA has entered
into strategic alliance or referral arrangements to enable you to inquire about
the services or products they offer.
A product refers to any offering of features and benefits to a Customer.
This may include products that allow a Customer to:
 * make a financial investment (e.g. a share);
 * borrow money (e.g. credit cards, loans or bonds);
 * save money (e.g. term deposits);
 * manage financial risk (e.g. insurance); or
 * facilitate payments (e.g. BPay, clearing and settlement facilities).     
   
   

Other financial services organisations
We may collect and share your information with other banks, third party payment
providers, superannuation funds and financial services providers to provide you
services, for example to process your transactions, facilitate payment reversals
and provide refunds. 
Government and law enforcement agencies
We may share your information with regulatory bodies, government agencies and
law enforcement bodies to comply with our legislative or regulatory obligations
in any of the jurisdictions where we operate.

Sending information overseas

Sometimes, we may send your information overseas, including to:

 * CommBank Group members that are located in China, India, Hong Kong,
   Singapore, Japan, the United Kingdom, the Netherlands, New Zealand and the
   United States of America
 * service providers or third parties who store data or operate outside
   Australia
 * complete international transactions, such as currency exchanges
 * organisations we partner with to provide products and services
 * comply with laws and help government or law enforcement agencies.

If we do this, we make sure there are appropriate privacy, data handling and
security arrangements in place to protect your information.

Securing your information


3. SECURING YOUR INFORMATION


 * 3A. KEEPING YOUR INFORMATION SAFE
   
   Our staff are trained in how to keep your information safe and secure. We use
   secure systems and buildings to hold your information. We aim to only keep
   your information for as long as we need it.
   
   We store your hard copy and electronic records in secure buildings and
   systems or using trusted third parties. We use a range of physical,
   electronic and other security measures to protect the security,
   confidentiality and integrity of the personal information we hold about you.
   
   We aim to keep personal information only for as long as we need it – for
   example for business or legal reasons. When we no longer need information, we
   take reasonable steps to destroy or de-identify it.
   
    

Your credit information


4. YOUR CREDIT INFORMATION

 * We collect credit information about you when you apply for or use our credit
   related products or services. We may also collect credit information about
   you from credit reporting bodies (such as Equifax).
   
   
   WHAT IS CREDIT INFORMATION?
   
   Credit information is personal information that is about credit that has been
   provided to you or that you have applied for. This includes credit for
   personal purposes and credit in connection with a business. It can also cover
   information about you as a guarantor of a loan or as an insured party under a
   credit related insurance policy.
   
   
   TYPES OF CREDIT-RELATED INFORMATION WE COLLECT, HOLD AND DISCLOSE
   
   We collect credit information directly from you or your representative when
   you apply for a credit related product or service, like a credit card. We
   also collect credit information about you from third parties, including
   credit reporting bodies (such as Equifax) or other credit providers (such as
   another bank).
   
   The types of credit information we collect and handle are set out below.
   
   Identification information
   
   This includes your name (including any aliases), gender, date of birth,
   driver licence number, current and most recent past addresses, as well as
   current and most recent past employers.
   
   Consumer credit liability information 
   
   This is information about any accounts that you currently have open or may
   have had in the past. It includes the type of account, the open and/or close
   date, as well as the credit limit.
   
   Repayment history 
   
   This includes a history of your repayments, including whether you have made
   payments when due, and if not, when overdue payments have been made.
   
   Financial Hardship Information
   
   This includes information about agreed financial hardship arrangements that
   you may have with us or our credit providers, both temporary and permanent.
   Financial hardship information will be recorded with the repayment history
   information.
   
   Default information
   
   Details of any defaults or serious credit infringements.
   
   Public information
   
   Public record information such as:
   
    * court judgments
    * directorship and business proprietorship details
    * bankruptcy, debt agreement and personal insolvency.
   
   Information about credit worthiness
   
   Information about your credit worthiness such as credit scores, credit risk
   ratings, summaries and evaluations.
   
   
   WHY WE COLLECT AND HANDLE YOUR CREDIT INFORMATION
   
   When you apply to us for credit or propose to be a guarantor, we need to know
   if you’re able to meet repayments under your agreement with us. We also want
   to avoid giving you further credit if this would put you in financial
   difficulty.
   
   We use credit information to:
   
    * confirm your identity
    * assess your credit applications and your ability to manage credit
    * manage credit provided to you
    * assist you to manage your credit related obligations and to consider any
      financial hardship requests
    * derive scores, ratings, summaries and evaluations relating to your credit
      worthiness which are used in our decision-making processes and ongoing
      reviews
    * help us collect overdue payments
    * share information with credit reporting bodies, where the law permits us
      to do so.
   
   
   HOW DO WE HOLD CREDIT INFORMATION?
   
   We keep your credit information with your other information. In some cases,
   we may need to share some of your information with organisations outside
   Australia (see Collection, use & sharing, Section 2c).
   
   
   MORE INFORMATION
   
   It is important that we hold accurate credit information about you. To access
   or correct your credit information, please contact us (see Further
   Information, Section 6a).
   
   You can also contact us to make an enquiry or complaint about the collection
   and handling of your credit information.


 * CREDIT REPORTING BODIES
   
   If you apply for credit or offer to act as a guarantor, we may collect or
   share your information with a credit reporting body. This information is used
   to determine your eligibility for credit.
   
   When we request information about you from a credit reporting body, we will
   need to share some of your personal or credit information with them. Your
   consent is not required for us to share that information in relation to a
   consumer credit application.
   
   Credit reporting bodies include a record of our request for your information
   (called a credit enquiry) in their reports to help other credit providers
   assess your credit worthiness (such as when you apply for a credit card or a
   loan) and may also use the information when they calculate your credit score
   or rating. In some circumstances your credit score or rating may be
   negatively impacted by these credit enquiries, such as where numerous credit
   enquiries have been recorded by a credit reporting body over a short period
   on their report about you.
   
   We can also ask credit reporting bodies to give us your overall credit score
   and may use credit information from credit reporting bodies together with
   other information to arrive at our own assessment of your ability to manage
   credit.
   
   Direct marketing: Credit providers like us can ask credit reporting bodies to
   use your credit information to pre-screen you for direct marketing purposes.
   You can contact the credit reporting bodies if you want to stop your credit
   information being used for this purpose.  
   
   Preventing identity fraud: If you think you have been, or could be, a victim
   of fraud you can ask the credit reporting body not to use or give anyone your
   credit information.
   
   We collect from, and share information with, the following credit reporting
   bodies. For more information about how they handle credit reporting
   information they hold about you, please visit their websites.
   
    * Equifax Pty Ltd
    * Experian Australia Credit Services Pty Ltd
    * Illion Australia Pty Ltd
   
    

Accessing your information


5. ACCESSING YOUR INFORMATION


 * 5A. ACCESSING, UPDATING AND CORRECTING YOUR INFORMATION
   
   You can contact us and ask to view your information. For more detailed
   information, we may ask you to fill out a request form. If your information
   isn’t correct or needs updating, let us know straight away.
   
   How can I access my information?
   
   You can ask us for a copy of your information, like your statements or
   transaction history, by visiting a branch, going online (such as NetBank,
   CommBiz or CommSec) or calling us (see Further Information, Section 6a). To
   get a copy of the credit information we have about you, you can visit a
   branch or call us.
   
   If you would like more detailed information, please fill out the Request for
   Access to Personal Information Form (PDF).
   
   How will we handle your request?
   
   There is no fee to ask for your information, but sometimes we might charge a
   fee to cover the time we spend gathering the information you want. If there’s
   a fee, we’ll let you know how much it is likely to be, so you can choose if
   you want to go ahead.
   
   We try to make your information available within 30 days after you ask us for
   it.
   
   In some cases, we can refuse access or only give you access to certain
   information. For example, we might not let you see information that involves
   other people. If we do this, we will write to you explaining our decision.
   
   Can you correct or update your information?
   
   It’s important that we have your correct details, such as your current home
   address, email address and phone number. You can check or update your
   information at any branch, via your online services (such as NetBank, CommBiz
   or CommSec) or by calling us (see Further Information, Section 6a).
   
   If you think your personal or credit information is incorrect, contact us to
   investigate the issue (see Further Information, Section 6a).
   
   We’ll try to respond to your request within 30 days. If we can’t, we’ll let
   you know why it’s taking longer.
   
   If we don’t think the information needs correcting, we’ll write to let you
   know why. You can ask us to include a statement with the information that
   says you believe it is inaccurate, incomplete, misleading or out of date.

We’re here to help


6. FURTHER INFORMATION


 * 6A. CONTACT US
   
   If you need more information, want to access or update your personal
   information or if you have a privacy concern, please contact us using the
   contact details below.
   
   Personal banking
   
   Message us in the CommBank app or call 13 2221, 8am - 8pm (Sydney/Melbourne
   time)
   
   
   Overseas? Call +61 2 9999 3283
   
   Business banking
   
   Call 13 1998 any time
   
   Overseas? Call +61 2 9009 0593
   
   CommSec
   
   Call 13 1519
   
   Commonwealth Private
   
   Call 1300 362 081
   
   Overseas? Call +61 2 9115 1417
   
   8am - 7pm, Monday - Friday (Sydney/Melbourne time)
   
   Access for hearing or speech impaired customers
   
   TTY number: Call 133 677 then ask for 13 2221
   
   SMS Relay: Text 0423 677 767 (for more info, visit the National Relay
   Service)
   
   Voice Relay number: Call 1300 555 727 then ask for 13 2221
   
   
   Visit your nearest CommBank branch
   
   Find a branch
   
   
   CONTACT OUR INTERNATIONAL PRIVACY OFFICERS
   
   If you’re a customer of our international branches, you can contact us on the
   details below.
   
   China 
   
   The Data Privacy Officer
   
   Commonwealth Bank of Australia, Shanghai and Beijing Branches
   
   Mailing Address: RM 43-031 Hang Seng Bank Tower, No. 1000 Lujiazui Ring Road,
   Pudong, Shanghai.
   
   Telephone: +86 21 61238900
   
   Hong Kong
   
   The Data Privacy Officer
   
   Commonwealth Bank of Australia, Hong Kong Branch
   
   Mailing Address: Suite 1401, One Exchange Square, 8 Connaught Place, Central,
   Hong Kong
   
   Telephone: +852 2844 7500
   
   Fax: +852 2845 9194
   
   Japan (Tokyo)
   
   The Data Privacy Officer
   
   Commonwealth Bank of Australia, Tokyo Branch
   
   Mailing Address: 13F, Muromachi Furukawa Mitsui Bldg 2-3-1, Nihonbashi
   Muromachi, Chuo-ku, Tokyo 103-0022 Japan
   
   Telephone: +81 03 5400 7857
   
   Email: Takao.Uehara@cba.com.au
   
   Singapore
   
   The Data Privacy Officer
   
   Commonwealth Bank of Australia, Singapore Branch
   
   Mailing Address: 38 Beach Road, #07-11 South Beach Tower, Singapore 189767
   
   Email: dpo@cba.com.au
   
   New Zealand
   
   Group Chief Privacy Officer
   
   Email: GroupPrivacyOffice@cba.com.au


 * 6B. MAKING A PRIVACY COMPLAINT
   
   If you have a concern or complaint about how we have handled your personal
   information (including your credit information), let us know and we’ll try to
   fix it. If you’re not satisfied with how we respond to your complaint about
   how we’ve handled your personal information, there are other things you can
   do.
   
   How can you make a complaint?
   
   To make a complaint, contact one of our staff or customer service teams
   (see Further Information, Section 6a). We’ll look into the issue and try to
   fix it straight away.
   
   If you’ve raised your concern with one of our staff and are not satisfied,
   you can contact our Customer Relations team:
   
   CBA Group Customer Relations
   
   Webform
   
   https://www.commbank.com.au/support/compliments-and-complaints.html
   
   Phone
   
   1800 805 605
   
   +61 2 9687 0756 from overseas
   
   8am - 6pm, 7 days a week (Sydney/Melbourne time)
   
   Mail
   
   Reply Paid 41, Sydney NSW 2001
   
   If you would like further information on how we handle complaints, please
   visit our “How we manage complaints” page.
   
   What else can you do?
   
   If you’re not satisfied with our response after you’ve been through our
   internal complaints process, you can lodge a dispute through the Australian
   Financial Complaints Authority (AFCA), our external dispute resolution
   provider.
   
   AFCA provides consumers and small businesses with fair, free and independent
   dispute resolution for financial complaints.
   
   Australian Financial Complaints Authority
   
   Visit: www.afca.org.au
   
   Email: info@afca.org.au
   
   Phone: 1800 931 678 (free call)
   
   Mail: Australian Financial Complaints Authority, GPO Box 3, Melbourne VIC
   3001
   
   You can also contact the Office of the Australian Information Commissioner if
   your complaint is about your privacy or how we handled your credit
   information.
   
   Office of the Australian Information Commissioner
   
   Visit: oaic.gov.au
   
   Email: enquiries@oaic.gov.au
   
   Phone: 1300 363 992
   
   Mail: GPO Box 5288, Sydney NSW 2001


7. ADDITIONAL RIGHTS


 * ADDITIONAL RIGHTS IN ASIA
   
   Customers of our Singapore Branch
   
   Additional rights for customers of our Singapore Branch are set out in the
   Singapore Branch Privacy Notice. You may request a copy of this Notice, or
   further information relating to your rights, by contacting the Singapore Data
   Privacy Officer (see Further Information, Section 6a).
   
   Customers of our Tokyo Branch
   
   Additional rights for customers of our Tokyo Branch are set out in the
   Commonwealth Bank of Australia, Tokyo Branch Privacy Policy Statement (PDF).
   
   Customers of our China Branch
   
   Additional rights for customers whose personal information will be collected,
   processed, stored, transmitted, disclosed and used by Commonwealth Bank of
   Australia in China are set out in our China Branch Privacy Notice.
   
   Customers of our Hong Kong Branch
   
   Additional rights for customers of our Hong Kong Branch are set out in the
   Commonwealth Bank of Australia, Hong Kong Branch Privacy Policy Statement
   (PDF), and the Hong Kong Branch Privacy Notice.
   
   
   
   ADDITIONAL RIGHTS FOR INDIVIDUALS LOCATED IN THE EUROPEAN ECONOMIC AREA AND
   UNITED KINGDOM
   
   The European Union (EU) and the United Kingdom (UK) have local data
   protection laws, such as the EU General Data Protection Regulation (GDPR) and
   United Kingdom General Data Protection Regulation (UK GDPR), which give more
   rights to individuals located in the European Economic Area (EEA) and the UK
   and more obligations to organisations holding their personal information.
   
   If you are a customer of our UK branch or our bank in the Netherlands, that
   organisation will be a “controller” of your personal information, which means
   it is responsible for compliance with the GDPR or UK GDPR as applicable. 
   
   In this Appendix, “personal information” means any information relating to an
   identified or identifiable natural person.
   
   Under the GDPR and UK GDPR, personal information must be processed in a
   lawful, fair and transparent manner. This means we must provide you with more
   information about how we collect, use, share and store your personal
   information and information about your rights in data protection law.  We
   have set out below this information, which is in addition to certain other
   information provided in the Group Privacy Statement above.
   
   If you are located in the UK or EEA and have an enquiry relating to your data
   protection rights, please contact myprivacyrequest@cba.com.au.
   
   
   WHAT PERSONAL INFORMATION DO WE COLLECT?
   
   For details of what personal information we collect, please refer to Section
   2 (Collection, use and sharing) above. 
   
   If we require certain information for our contract with you or because it is
   legally required and you do not provide this to us, we may not be able to
   offer you products or services, or perform our contract with you. 
   
   Special categories of personal information 
   
   Personal information about your racial or ethnic origin, political opinions,
   religious or philosophical beliefs, trade union membership, biometric data
   (for example your fingerprints), or data concerning your health, sex life or
   sexual orientation is subject to additional requirements.  
   
   If we process this personal information about you, we will only process this
   with your consent or where otherwise lawfully permitted.
   
   How long we keep your personal information
   
   We will keep your personal information while you are a customer. We keep your
   personal information for only as long as we need it for the relevant purpose.
   
   We generally keep your personal information for up to 7 years after you stop
   being a customer but we may keep your personal information for longer for the
   following purposes:
   
    * To fulfil legal or regulatory obligations
    * For internal research and analytics 
    * To respond to a question or complaint
   
   
   HOW WE USE YOUR PERSONAL INFORMATION
   
   We can collect and use your personal information for the purposes noted above
   in Section 2 (Collection, use and sharing).  We must have a valid lawful
   ground to process your personal information, which may be one of the
   following lawful grounds: 
   
    * Contract: We need to process your personal information in order to fulfil
      a contract you have with us, or because you have asked us to take specific
      steps before entering into a contract.
    * Legal or regulatory obligations: We need to process your personal
      information for us to comply with applicable law or regulations (not
      including contractual obligations).
    * Legitimate interests: We need to process your personal information for our
      legitimate interests or the legitimate interests of a third party unless
      there is a good reason to protect your personal information which
      overrides these legitimate interests.
      
    * Consent: We may (but usually do not) need your consent to use your
      personal information for a specific purpose.
   
    

The purposes for which we use your personal information, and the lawful grounds
we may rely upon, are as follows:

How we use your personal information / Lawful grounds we may rely upon
Serving you as a customer
 * To perform and fulfil contracts
 * To meet our legal duties
 * For legitimate interests to enable us to perform our obligations and to
   provide our services to you

Improving our business
 * We have your consent
 * For legitimate interests to improve the products and services we offer,
   improve the quality of our data, develop products and services that better
   meet our customers’ needs and behaviours, and understand and manage our risks
   better

Managing our operations
 * To perform and fulfil contracts
 * To meet our legal duties
 * For legitimate interests to enable us to perform our obligations and to
   provide our services to you, to manage our risks better, and to run our
   business in an efficient and proper way

Managing security, risk and crime prevention
 * To meet our legal duties
 * For legitimate interests of fraud prevention and prevention of other crime,
   ensuring security of our network and systems and legal claims and proceedings

To comply with our legal obligations
 * To meet our legal duties
 * For legitimate interests of compliance with applicable non-UK / non-EU laws

Managing our business
 * To perform and fulfil contracts
 * To meet our legal duties
 * For the legitimate interests to run our business in an efficient and proper
   way, including managing our financial position, business capability and
   planning, testing systems and process, as well as managing communications,
   corporate governance, and audit

Performing analytics activities
 * For legitimate interests to help us understand trends in customer behaviour
   including how products and services are used, improve the products and
   services we offer, improve the quality of our data, develop products and
   services that better meet our customers’ needs and behaviours, and understand
   and manage our risks better

De-identifying information
 * For legitimate interests to provide insights and analytics services to other
   organisations, to share de-identified information with other organisations,
   which help organisations learn about the types of customers they have and
   their general spending patterns

Sales and acquisitions
 * For legitimate interests to support any changes to the ownership of products
   or services or the make-up of the CommBank Group

Determine your eligibility for credit
 * To perform and fulfil contracts
 * To meet our legal duties
 * For legitimate interests to enable us to assess your eligibility and
   affordability prior to potentially issuing credit

To market our goods/services to you
 * We have your consent 

Who do we share your information with?

We may share your personal information with other organisations within our Group
or third parties as set out in Section 2 (Collection, use & sharing).

Profiling and automated decision making

We may use systems to make automated decisions (including profiling) based on
personal information we have collected from you or obtained from other sources
such as credit reporting bodies. These systems can evaluate your personal
circumstances and other factors to predict risk or outcomes.

Our credit approval process relies on automated analysis of personal information
provided by you in the application process, alongside that received from credit
referencing agencies and fraud prevention agencies, to make the following
decisions:

 * eligibility – whether it is appropriate to offer you credit or a loan;
 * affordability – the maximum value of the credit or loan (ie, the credit
   limit); and
 * the term of the credit or loan.

These automated decisions can affect the products or services we offer you.  For
example, we may decide not to offer all or some of our products or services to you,
or we may decide how much to charge you, based on credit history and other
financial information about you.

You have certain rights in relation to automated decision making and profiling,
which are set out below.  

Sending information outside the UK/EEA

Recipients of your personal information may be located outside the UK or EEA as
described in Section 2 (Collection, use & sharing). 

Where we transfer your personal information outside the UK or the EEA, we will
ensure that it is transferred in a manner consistent with legal requirements
applicable to the information, for example:

 * we may put in place “standard contractual clauses” approved by the European
   Commission with the recipient, which requires them to protect your personal
   information; or
 * the country to which we send the personal information may be approved by the
   European Commission or UK; or
 * applicable law may permit us to transfer outside the UK or EEA in other ways,
   such as to perform a contract with you.

Please contact us if you would like more information about the appropriate
safeguards, including a sample copy of the standard contractual clauses,
relevant to the transfer of personal information. 

Your rights


You have a number of rights in relation to the personal information that we hold
about you, although please note that in some cases, exceptions apply to the
exercise of these rights and so you may not be able to exercise them in all
situations.

You can exercise your rights by contacting myprivacyrequest@cba.com.au.

The right to be informed how personal information is processed

 * You have the right to be informed how your personal information is being
   collected and used. 

The right to withdraw your consent if we are relying on it to handle your
personal information

 * If we require your consent to process your personal information you can
   withdraw consent at any time. If you withdraw consent, we may not be able to
   provide certain products or services to you. The right to withdraw only
   applies when the lawful basis of processing is consent.

The right of access to personal information

 * You can access your personal information that we hold by
   emailing: myprivacyrequest@cba.com.au

The right to rectification

 * You have the right to question any personal information we have about you
   that is inaccurate or incomplete. If you do, we will take reasonable steps to
   check the accuracy and correct it.

The right to erasure

 * You have the right to ask us to delete your personal information if there is
   no need for us to keep it. You can make the request verbally or in writing.
   There may be legal or other reasons why we need to keep your personal
   information and if so we will tell you what these are.

The right to restrict processing

 * You have the right to ask us to restrict our use of your personal information
   in some circumstances. We may be able to restrict the use of your personal
   information. In this situation we would not use or share your personal
   information while it is restricted. This is not an absolute right and only
   applies in certain circumstances.

The right to data portability

 * In some circumstances you have the right to request we provide you with a
   copy of the personal information you have provided to us in a format that can
   be easily reused.

The right to object

 * In some circumstances you have the right to object to us processing your
   personal information.  

Rights in relation to automated decision making and profiling

 * We may use systems to make automated decisions (including profiling) based on
   personal information we have collected from you or obtained from other
   sources such as credit reporting bodies. These automated decisions can affect
   the products or services we offer you. You can ask that we not make decisions
   based on an automated score alone or object to an automated decision and ask
   that a person review the automated decision.  

The right to lodge a complaint with a supervisory authority

 * You have the right to complain to the regulator if you are not happy with the
   outcome of a complaint.  

See the ‘Regulator Contact Details’ section below for more information.

 * The individual regulator websites will tell you how to report a concern. 

Minors and children’s privacy


For certain services, we will seek parent or guardian consent to collect the
details of children under certain ages.

Regulator contact details

The UK data protection authority is:

Information Commissioner’s Office
Wycliffe House
Wilmslow
Cheshire SK9 5AF
UK
Visit: ico.org.uk

The Netherlands Data Protection Authority is:
Autoriteit Persoonsgegevens
Prins Clauslaan 60
PO Box 93374
2509 AJ DEN HAAG / The Hague
Visit: https://autoriteitpersoonsgegevens.nl/nl

For other European jurisdictions please refer to the European Commission website
for details of the relevant data protection authorities.


THINGS YOU SHOULD KNOW

 * Policy updated: 11 November 2024
   
   During our relationship with you, we may tell you more about how we collect
   and handle your information – for example, when you fill in an application
   form or receive product terms and conditions. You should always read these
   documents carefully.
   
   Sometimes we update our Statement. You can always find the most up-to-date
   version on our website.



CommBank acknowledges the Traditional Owners of the lands across Australia as
the continuing custodians of Country and Culture. We pay our respect to First
Nations peoples and their Elders, past and present.

 



©2025 Commonwealth Bank of Australia ABN 48 123 123 124 AFSL and Australian
credit licence 234945
