This Privacy and Credit Reporting Policy (‘Privacy Policy’) explains how Queensland Country Bank Limited ABN 77 087 651 027 (“Queensland Country”, “we”, “us” or “our”) manage and protect your personal information, including your credit-related information, as well as our legal obligations and rights as to that information. If we agree with you to use or disclose your personal information in ways which differ to those stated in this Privacy Policy, the provisions of that agreement will prevail to the extent of any difference.

Our commitment

We value the importance of your personal information and your trust in us as a Member owned bank. We are committed to complying with our obligations under the Privacy Act 1988 (Cth) (‘Privacy Act’) which includes the Australian Privacy Principles (APPs) and obligations in Division 3 of Part IIIA of the Privacy Act, in addition to the Privacy (Credit Reporting) Code (‘the Privacy Laws’).

1. Meaning of personal information and other key terms used in this Privacy Policy

The following words when used in this Privacy Policy have the meanings given below.

Personal information means information or an opinion about you, (if you are an individual), where you can be identified, or can reasonably be identified, from that information, whether or not the information or opinion is true or not. Although we try to make sure that all information, we hold about you is accurate, including by periodically requesting that you to confirm your contact details, we also ask that you contact us to update any changes to your personal information.

Credit-related information is a type of personal information which includes credit information and credit eligibility information. Unless stated otherwise, a reference to personal information in this policy is also a reference to credit-related information.

Credit information means personal information that includes the following:

  • identification information: information such as your full name (including an alias or previous name), date of birth, gender, current or last known address and previous two addresses (if any), name of current or last known employer, or driver’s licence number;
  • consumer credit liability information: information relating to your consumer credit, such as the name of the credit provider, whether the credit provider has an Australian Credit Licence, the type of consumer credit, the day on which the consumer credit was entered into (and closed), the maximum amount of credit available and certain repayment terms and conditions;
  • repayment history information: a record of whether you made applicable consumer credit payments and whether such payments were paid on time;
  • financial hardship information: information about whether you were provided with a permanent or temporary arrangement due to hardship and, if so, whether you met the requirements of such an arrangement;
  • a record of the type and amount of credit you have applied for in any previous consumer or commercial credit applications to any credit provider (e.g. bank or non-bank lender), where that credit provider has requested information;
  • information about you from a credit reporting body;
  • default information: about any consumer credit payments overdue for at least 60 days where the overdue amount is $150 or more, and collection action has started;
  • payment information: a statement that payments that were previously notified to a credit reporting body as overdue are no longer overdue;
  • new arrangement information: if a credit provider gave a reporting body default information about you and the overdue amount is paid, a statement that the payments has been made;
  • court proceedings information: information about court judgments which relate to credit that you have obtained or applied for;
  • personal insolvency information: information that is entered or recorded in the National Personal Insolvency Index relating to your bankruptcy or your entry into a debt agreement or personal insolvency agreement;
  • publicly available information: a record relating to your activities in Australia and your credit worthiness (that is not court proceedings information or personal insolvency information; and
  • serious credit infringement: an opinion of a credit provider that you have committed a fraud relating to your consumer credit or that you have avoided paying your consumer credit payments and the credit provider can’t contact you.

We may not hold all of this type of information about you. However, if we hold any of this type of information, it is protected as ‘credit information’ under the Privacy Act.

Credit eligibility information means information that has been obtained from a credit reporting body, or that has been derived from that information, that is about your creditworthiness (if you are an individual). This includes information that is, has or could be used, to determine your eligibility for consumer credit, such as your credit score (i.e. a calculation that indicates how likely a credit applicant will repay credit we may provide to them).

Sensitive information is personal information which includes your biometric information and health information. It also includes information or an opinion about your racial or ethnic origin; political opinions; membership of a political association; religious or philosophical beliefs; membership of a professional or trade association or union; and criminal record.

Biometrics means a biological measure or physical characteristic that can be used to identify you. For example, fingerprint, voice or facial recognition.

2. Collection of personal information

The types of personal information we collect

We will only ask for personal information (including credit-related information) relevant to our business relationship with you and we will inform you of the reason we are requesting your information when we collect it. The type of personal information we collect and hold about you may include:

• identification information
• information and documents to verify your identity (e.g. driver license or passport number)
• information about your financial position such as your income, savings, expenses, assets and liabilities, marital status and dependents, employment details, and any other credit arrangements;
• past-time information (e.g. information about your spending habits);
• credit-related information including credit information and credit eligibility information – as defined in this policy;
• your tax residency status, Australian tax file number (TFN), ABN, taxpayer identification number (TIN) (where applicable); 
• your citizenship or residency status;
• your occupation and source of income and/or wealth;
• passwords, passcodes and knowledge-based questions used for your account security;
• transaction and other information about the products and services held by you;
• information relating to complaints or enquiries you have made with us;
• your reasons for applying for a product or service;
• your employment details and work history, including the opinion of your referee(s) on your character and work performance (as part of our reference checking processes when you apply for employment with us)

Collection of sensitive information

Where it is necessary to do so, we may collect personal information about you that is sensitive information, as defined in this policy. This may include recordings of your voice (e.g. when engaging with our Contact Centre staff) or images of your face for identification purposes. We operate a closed-circuit television (CCTV) system, which may include cameras that are fixed at various locations, including our administration centres, branches (and the carparking areas that service these locations) and at our ATMs. By entering any of these sites your personal information, being your personal image may be captured by CCTV. When entering our carparking areas, depending on the location of the cameras, the registration number of your vehicle may also be captured.

We may also collect your health information, including where this information is relevant to your insurance or loan application, your application for financial hardship assistance and when providing distribution services in respect to health insurance understand an agreement with the private health insurer, Queensland Country Health Fund. When you apply for employment with us, we may also collect sensitive information as part of our screening procedures, including obtaining information concerning your criminal history, where applicable (e.g. through a police check provided by the Australian Federal Police, subject to your consent). Unless required or permitted by law, we will not collect your sensitive information unless you have given your consent.

How we collect personal information

Wherever it is reasonable and practicable to do so, we will only collect your personal information (including credit information) directly from you, unless you have provided your consent for us to obtain the information from another source. The kind of personal information we collect about you varies depending on the nature of this relationship. For example, we collect personal information about you when you apply for membership with us, apply for or use our products or services including (information provided in your application – whether paper based, phone or electronic), perform transactions with us, speak with us on the phone or in our branch, correspond with us in writing or via online, mobile or other messaging technology, participate in promotions or competitions we are running, use our electronic platforms (e.g. our website, internet banking platform, mobile application or social media channels), or apply for employment with us.

We may monitor and/or record telephone calls, emails and other communications for quality assurance and staff training purposes as well as to assist with our complaint handling and management process.

Collecting your personal information from third parties

We may also collect your personal information (including credit-related information) about you from third parties and other sources, including the following:

  • joint account or policy holders and co-borrowers
  • your referees and current and/or previous employer (e.g. when assessing your application for credit or your application for employment with us)
  • credit reporting bodies and on some occasions, other credit providers
  • your representatives (e.g. your solicitor, conveyancer, accountant, financial advisor, attorney, administrator, guardian or trustee)
  • organisations that check the security you are offering such as valuers;
  • organisations providing lenders’ mortgage insurance
  • other organisations who, together with us, provide products or services to you (e.g. persons who we arrange or distribute products on behalf of)
  • our third-party distributors (e.g. mortgage brokers)
  • third-party service providers including identity verification services, debt collectors, and our legal advisers
  • organisations with whom we have arrangements to assist us in connection with the detection, prevention and investigation of actual or suspected scam, fraudulent or other criminal activity or serious misconduct
  • other institutions including financial institutions (when you instruct us to)
  • the Australian Federal Police, for the purpose of obtaining a police check when your application for employment with us is successful, as part of our pre-employment screening processes
  • publicly available sources of information through public registers or third parties (including when we have been unable to contact you and are attempting to confirm or update your contact details)

You may give us with information about other people (e.g. a joint account holder, co-borrower or guarantor). When you do this, you should inform them of this Privacy Policy and provide them with a copy or how they may access the document (including from website).

We may also create personal information through our internal processes, for example, when creating an internal credit score for a loan applicant.

3. Laws under which we are required to collect, use and/or disclose your personal information

There are laws that require us to collect, use and/or disclose your personal information in order to provide you with products and services and meet our legislative and regulatory obligations, including:

The Corporations Act 2001 (Cth) requires us to set up and maintain a register of members which includes the name and address of each member.

The Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth) which includes Know Your Customer (“KYC”) obligations requiring us to verify that our Members (and customers) and prospective Members (and customers) are who they say they are and to monitor account and transaction activity. We may collect further information at any time to meet our obligations under anti-money laundering and counter-terrorism legislation.

The National Consumer Credit Protection Act 2009 (Cth) requires that we collect personal information from you to understand and verify your financial situation and objectives.

The Personal Property Securities Act 2009 (Cth) which includes the collection of personal information for search and registration purposes. State and Territory real property laws, where you are giving a mortgage.

The Taxation Administration Act 1953 (Cth) and the Income Tax Assessment Act 1936 (Cth) regulate the collection of your Tax File Number (TFN).

We also collect information about your tax residency of other countries to assist us in complying with taxation laws, including the Common Reporting Standard, Foreign Account Taxation Compliance Act and non-resident withholding tax requirements, which are incorporated into Australian taxation laws.

If you do not provide us with the personal information requested

If you do not provide us with the personal information we need, we may not be able to provide (or continue to provide) you with the products or services you are seeking or using, or to consider your application for employment with us. If you are an individual who opens a deposit account with us, you are not required to provide us with your Australian Tax File Number (‘TFN’). However, if you choose not to provide your TFN, we may deduct withholding tax from your interest payments at the highest marginal tax rate.

4. Use

We may use your personal information (including credit-related information) for the purpose of providing products and services to you, managing our relationship with you and managing our business, in accordance with the Privacy Laws. We will notify you of the main reason for collecting your personal information when we collect it. This may include the following:

  • to verify your identity or to verify your authority to act on behalf of another customer or member;
  • to assess and process your application for membership and also for the products and services we offer;
  • to provide membership benefits, financial services and products (including credit products) or information about these benefits, services and products including, periodic statements and information on changes to product terms and conditions;
  • to provide you with information about financial services and products from third parties we have arrangements with;
  • in establishing, maintaining and providing our systems and processes to provide our products and services to you;
  • to execute your instructions (including setting up payment instructions);
  • for the ongoing servicing of our relationship with you including, to respond to your enquiries, requests and complaints;
  • to comply with our obligations under applicable laws, regulations and codes (including to assist law enforcement agencies or regulators, where required to do so);
  • to prevent, detect, investigate and respond to any actual or suspected scam, fraudulent or other criminal activity or serious misconduct;
  • to maintain and develop our business systems and infrastructure;
  • to manage our rights and obligations regarding external payment systems;
  • to enable us to conduct our business and undertake administrative and operational tasks (including staff training, risk management, systems development and testing)
  • to develop new products or improve our products and services and your experience with us;
  • to provide and administer rewards programs;
  • to conduct research (including customer satisfaction research), development and internal analysis;
  • to market our products and services to you and the products and services of third parties we have arrangements with, and also to keep you informed of, and to conduct, competitions and other promotions (including via email, SMS, or any other electronic means including via social media), unless you unsubscribe or otherwise opt out.
  • to contact you, including to discuss online applications you have partially completed; • To take any required legal action
  • To protect the safety and security of our staff and visitors
  • in our recruitment activities including, to assess your application for employment with us, including to verify information contained in your application and to assess, when applicable, whether you are a fit and proper person for employment in an authorized deposit-taking institution;
  • any other purpose for which have you given your consent. In addition to the purposes for which we use your personal information (including your credit information), as provided above, we may also use your credit information to:
  • to assess your credit worthiness
  • to assess whether to accept a guarantor or the risk of a guarantor being unable to meet their obligations
  • to enable a mortgage insurer or title insurer to assess the risk of providing insurance to us or to address our contractual arrangements with the insurer
  • to consider your request for hardship assistance
  • to assess whether to securitise loans or to arrange the securitising of loans
  • to manage your loan or the arrangements under which your loan is funded or in the collection of overdue payments including notifications sent to you; We do not use or disclose your personal information (including credit-related information) for a purpose other than one: • set out in this Privacy Policy;
  • you would reasonably expect;
  • required or permitted by law; or
  • otherwise disclosed to you to which you have consented

5. Disclosure

In providing our products and services to you, managing our business and relationship with you and to comply with our legal obligations, including those referred to above, it may be necessary for us to disclose your personal information (including your credit-related information) to third parties including other people and organisations. We only disclose your personal information to the extent necessary, to the extent required by law, or as consented to by you. We will take reasonable steps to ensure that these third parties have appropriate security arrangements in place to protect your personal information.

5.1 Third parties

The types of third parties we disclose your personal information to include, but are not limited to:

  • external organisations that are our assignees, agents or contractors;
  • people and entities with whom we have outsourcing or service arrangements, including with respect to the following: statement production and delivery, card production, identity confirmation and verification, loan origination, verifying loan applications, mortgage documentation and settlement services, payment processing and systems, banking services, data and transaction processing, information technology support, document storage, legal, audit and accounting services, and direct marketing;
  • information technology service providers;
  • our professional advisers, including auditors, lawyers, accountants and tax advisers;
  • organisations that assist with our product planning, analytics, research and development
  • payment and card service providers when you make a transaction using a payment service or a card;
  • insurers and re-insurers, where insurance is provided in connection with our service to you;
  • credit reporting bodies (including when disclosing that you are in default under a credit agreement or commit a serious credit infringement, if that is the case, or enter into a financial hardship arrangement);
  • other credit providers
  • lenders’ mortgage insurers, where relevant to credit we are or have provided to you (i.e. if insurance is required because the amount you borrow exceeds a certain percentage of the security property’s value);
  • debt collecting agencies, if you have not repaid a loan as required;
  • valuers (where real property is provided as security);
  • state or territory authorities, or PEXA (the national electronic property exchange), that give assistance to facilitate the provision of home loans to you;
  • brokers or referrers who act under arrangements with us in referring your application or business to us;
  • other financial institutions (e.g. if you ask us to process a payment or funds transfer to an account at another financial institution, or so that we can process a claim for a mistaken payment)
  • fraud reporting agencies (including organisations that assist with fraud investigations) and organisations that help detect, identify, investigate and/or prevent suspected or actual scam, fraudulent or other criminal activity or serious misconduct;
  • service providers that assist with fraud detection and prevention;
  • our business partners (product issuers/providers or distributors) with which we have agreements place to arrange or distribute products for, or to act as a mere referrer in referring business to our business partner
  • your representatives, advisers or agents including lawyers, accountants, real estate agents, conveyancers, brokers, financial advisers, trustees, attorneys, financial managers/administrators, as authorised by you;
  • persons and organisations who assist us in monitoring recorded calls for the purposes of quality assurance, training and acknowledgement;
  • your guarantors or proposed guarantors;
  • persons involved in arrangements that provide funding to us, including trustees and managers of securitised loan programs;
  • service providers we engage to assist us in our recruitment activities, including to conduct reference checks on prospective employees;
  • persons you use as referees (including in respect to your loan applications or your application for employment with us);
  • employers or former employers (to verify employment in respect to your loan applications or your application for employment with us);
  • government and law enforcement agencies or regulators;
  • Consumer Data Right accredited data recipients where you have consented to the accredited data recipient collecting the personal information from us and us disclosing the personal information to the accredited data recipient;
  • any organisation with which we are considering merging;
  • any third-party provider we may use to undertake pre-employment screening, including background checks, as part of our recruitment and selection procedures;
  • to courts and other relevant external bodies who deal with disputes (including the Australian Financial Complaints Authority (AFCA) and the Office of the Australian Information Commission (OAIC)); and
  • to government and regulatory authorities, government agencies and Australian (and international) enforcement bodies, when authorized or required by law.

We may also disclose your personal information (including credit-related information) to a third party if:

  • you direct us to do so
  • you consent to the third party obtaining the information from us, or
  • you consent to the third party accessing the information from us, or
  • you consent to the third party accessing the information on our systems, and/or do anything which enables the third party to obtain access.

Your consent to a third party obtaining or accessing information may be implied from:

  • your use of any service or application which a third party provides to you, or makes available to you, which involves the third party obtaining or accessing personal information held by us or organisations like us, or
  • you doing anything else which enables the third party to obtain access to the information.

5.2. Disclosure outside of Australia

Sometimes, we may disclose your personal information overseas, including to: our service providers or third parties who store data or operate outside Australia; organisations we partner with to provide products and services; and to comply with our legal obligations, including to assist government or law enforcement agencies. The countries where we are likely to disclose your personal information include: United States of America, United Kingdom, Serbia, Singapore, India, Indonesia, South Africa and France. Where this occurs, we ensure that appropriate privacy, data handling and security arrangements are in place to protect your data.

We also disclose your personal information overseas if you choose to make an international transfer. The countries to which we may disclose your personal information are those to which you make the transfer.

If we do disclose your personal information outside Australia, we will do so on the basis that the information will only be used for the purposes set out in this Privacy Policy.

For third party products of our business partners, taken out through Queensland Country Bank, the product issuer/provider can provide further information on how they protect and disclose your personal information.

5.3 Electronic verification of identity

Section A:

We are required under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) to collect and verify information relating to your identity. Subject to your consent, we will disclose your name, address and date of birth in order to access identification information electronically held by credit reporting bodies, the government’s Documentation Verification Service (DVS)1 and other public records.

To access such information, we use a service provider registered under the DVS. The service provider, may, for verification purposes on our behalf:

  • request that a credit reporting body provide us with an assessment as to whether your personal information matches that held in their credit information files. (In preparing this assessment, the credit reporting body may use the personal information of other individuals);
  • disclose your personal information to the DVS;
  • search other public records.

Section B:

We are also required under the State based real property laws to collect personal information and verify the identity of mortgagors for mortgages (VOI).

In this sub-section, “you” or “your” mean the proposed mortgagor(s). Subject to your consent, our identity verification is performed by a service provider, OCR Labs Pty Ltd (ACN 20 603 823 276) trading as IDVerse. To verify your identity, information about you, including data from your identity document(s), your biometric data and information about your device and location will be provided to IDVerse. For further details about how IDVerse may collect, hold, use or disclose your personal and sensitive information please refer to IDVerse’s privacy policy.

If you do not consent to these processes, alternative forms of verifying your identity are available on request.

If we are unable to verify your identity using the above methods, you will be provided with a notice to that effect. You may then be asked to provide further evidence of your identity. If we are unable to verify your identity to our satisfaction, we will not be able to admit you to membership or provide you with the services or products you seek.

  1. The DVS is a national online system that allows personal identifying information about individuals to be compared against government records. Your information will be matched against that held by the relevant government department or agency. You can find out more about the DVS on their website.

6. Consumer Data Right (CDR)

The CDR gives you the right to:

  • access some of the data (including personal information) held about you by us and by other data holders (‘CDR Data’);
  • consent to an accredited third party accessing your CDR data held by us; and
  • consent to an accredited third party accessing your CDR data held by another data holder. 

We have a policy about our management of CDR Data. It is available through our website or you can obtain an electronic or hard copy from us on request.

7. Refusal of credit applications

We may refuse an application for consumer credit made by you on your own or with other applicants. Our refusal may be based on credit eligibility information obtained from a credit reporting body about you, another applicant or another person proposed as guarantor. In that case, we will give you written notice that the application has been refused on the basis of that information. We will tell you the name and contact details of the relevant credit reporting body and other relevant information.

8. Credit checks and credit reporting

8.1 Credit reports

When you apply for credit with us or agree to be a guarantor, we may obtain a credit report about you from a credit reporting body. Credit reporting bodies collect credit information about individuals which they provide as credit reports to credit providers and others in the credit industry to assist them in managing credit risk, collecting debts and other activities. When we request your credit report from a credit reporting body, this request will be recorded as a credit inquiry on your credit report.

A credit report contains information about your credit history and other credit-related information. This helps us assess your credit worthiness when considering your application for credit, verify your identity and manage the loan accounts and credit facilities you have with us. Your credit report includes personal details identifying you (name, gender, date of birth, driver’s licence number, employer, current and previous address); details of credit products you had or have; your repayment history, financial hardship information and default information; your credit applications; public record information (including any bankruptcies or debt agreements, court judgments, or personal insolvency agreements in your name); and any requests for your credit report that have been made by credit providers.

Information we exchange with credit reporting bodies

We may exchange information about you with a credit reporting body if you are applying for credit; or have obtained credit from us; or you guarantee or are considering guaranteeing the obligations of another person to us; or you are a director of a company that is a loan applicant or guarantor. The information we can exchange with a credit reporting body, includes your identification details, what type of loans you have, how much you’ve borrowed, whether or not you’ve met your payment obligations and if you have committed a serious credit infringement. It also includes additional credit information referred to as Comprehensive Credit Reporting data in section 8.2 of this Privacy Policy.

Your credit report may also include a credit score that has been created by the credit reporting body using the information included in your credit report. A credit score indicates the credit reporting body’s analysis of your eligibility to be provided with consumer credit.

While we are required to notify at or before the time we collect your personal information that we are likely to disclose your information to a credit reporting body, as part of our credit reporting obligations, we are not required to obtain your consent to the disclosure of this personal information for this purpose.

The credit reporting body we use is:

Equifax Australia Information Services and Solutions Pty Ltd (Equifax Australia)

You can download a copy of Equifax Australia’s privacy policy as follows:

Equifax Australia — at www.equifax.com.au

Contact credit reporting body if you think you have been the victim of a fraud

You can ask a credit reporting body (including Equifax Australia), through contact details on their website, not to use or disclose your personal information if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud, including identity fraud. If you do this, the credit reporting body must not use or disclose the information during an initial 21-day period without your consent (unless the use or disclosure is required by law). This is known as a ban period.

If, after the initial 21-day ban period, the credit reporting body believes on reasonable grounds that you continue to be or are likely to be the victim of fraud, the credit reporting body must extend the ban period as they think reasonable in the circumstances. The credit reporting body must give you a written notice of the extension.

8.2 Comprehensive credit reporting

Under comprehensive credit reporting we can share additional credit information about you with credit reporting bodies which includes up to 24 months repayment history on your accounts, such as credit cards and loans; the types of credit accounts opened with us; the dates you’ve applied for, opened, and closed credit accounts; and the current limits on our credit products. This is referred to as Comprehensive Credit Reporting (CCR) data.

9. Security

We take all reasonable steps to ensure that your personal information (including credit-related information), collected through our website or otherwise and subsequently held by us, is protected from:

  • misuse, interference and loss; and
  • unauthorised access, disclosure or modification.

Your personal information may be held by us in paper or electronic form. All personal information (including credit-related information) is stored within secure systems which are in controlled facilities. There are restrictions on who may access personal information and for what purposes. Our employees, contractors, service providers and authorised agents are obliged to respect the confidentiality of personal information held by us.

If we suspect or believe that there has been any unauthorised access to, disclosure of, or loss of, personal information held by us, we will promptly investigate the matter and take appropriate action, and we will comply with any obligations in relation to notifiable data breaches that are in force under the Privacy Act.

We ask you to keep your passwords, two-factor authentication codes (2FA) and Personal Identification Numbers (PINs) confidential, and secure. To keep the personal information that we hold about you secure, you should never provide or disclose any of your passwords, two[1]factor authentication codes or PINs to any third party, this will enable access by them to your personal information. If you do, you may breach the ePayments Code and the terms and conditions applying to products and services we provide to you and you may be liable for any unauthorised transactions that subsequently occur.

When we no longer require your personal information (including when we are no longer required by law to keep records relating to you), we take reasonable steps to ensure it is destroyed or de-identified.

10. Digital

This section explains how we handle personal information and credit information collected from our digital channels. If you have any questions or concerns about transmitting your personal information via the internet, you may contact our Privacy Officer (whose details are in paragraph 15 of this Privacy Policy) as there are other ways for you to provide us with your personal information.

10.1. Cookies

When you browse our website or mobile app services you will do so anonymously. Personal information, such as your name, address, telephone number or email address, is not collected. We use ‘cookies’ to collect information about how our website is used. ‘Cookies’ give users a unique, random ID by storing small text files onto a user’s computer with their web browser. They enable a website to track a user’s activities.

You may change the settings on your browser to reject cookies. However, doing so might prevent you from accessing the secured pages of our website and those of other websites. If you wish to restrict or block web browser cookies, and for more detailed information please refer to our Cookie Policy available on our website.

Our website and App also may contain links that lead to other websites. The terms of this Privacy Policy do not apply to external websites. If you wish to find out how any third parties handle your personal information (including credit-related information), you will need to obtain a copy of their privacy policy.

10.2. Information Collected

Our website and mobile app offer a number of interactive facilities including tools such as calculators, as well as online surveys, communication and application forms.

If you visit an unsecure area of the website (ie an area where you are not required to log on) to read, browse or download information, our system will record the date and time of your visit to our site, the pages viewed, and any information downloaded. However, our systems will not record any personal information.

If you use any of the tools such as our calculators, we generally do not capture any personal information that you may enter when using these tools. However, we may aggregate this information to provide us with insights into how to provide better services to you.

Examples of when we will retain your personal details include:

  • When a tool or application allows you to suspend or save your progress and retrieve the details at a later time, such as our Personal Loan and Home Loan applications. In this case the information is stored on our systems so that you may resume your application, or your application may be retrieved by us.
  • If you decide to complete an online application form or online survey, the information that you enter into the online form or survey will be collected by us once you submit your online application or survey. This is to allow us to contact you about your application.

10.3. Email

When we receive emails, we will retain the content of the email and our response to you.

Your email address will only be used or disclosed for the purpose for which it was provided. It will not be added to any mailing lists or used for any other purpose without your consent.

10.4. Our security practices

We are committed to providing safe mobile banking services. All use of our mobile banking application and transactions through the mobile app are encrypted. Encryption protects any personal information you send to us through our mobile banking service. Only authorised employees or agents of Queensland Country can gain access to this information.

10.5. Notifications

Banking transaction and balance alerts can be established via our mobile banking app. These alerts can only be established by you and the secure detail of the alert can only be viewed when you are logged into mobile banking. Your mobile device will, however, receive push notifications from our systems through its operating system’s notification facility, indicating to you that an alert has been produced and is ready to be viewed through mobile banking. These push notifications will not include personal information.

10.6. Location based services

We use your current location to determine the closest bank branch, ATM, access point or other services that we consider may be of benefit to you, when you allow us to do so via a setting on your mobile device. This information is only used while determining the standard bank services closest to you and we do not store this information.

10.7. Website Security

We use information security standards applicable to banking to establish secure connections with you and to limit access to databases containing personal information to authorised personnel only. When we capture your personal information, it is passed through our secure server using encryption technology to ensure it is protected when transmitted over the internet. We also regularly review and update our security measures to ensure the ongoing protection of your personal information.

10.6. Links on our website

Our website may contain links to third party websites. The terms of this Privacy Policy do not apply to external websites. If you wish to find out how any third party handles your personal information or credit information, you will need to obtain a copy of their privacy policy.

Where you access a third-party website from our website, cookie information about your preferences or other information you have provided about yourself may be shared between us and the third party. You cannot be identified from the information that is shared. However, if you can be identified from this information, we will seek your consent before sharing such information.

10.7. Advertising and Tracking

We use advertising companies to deliver our online advertising where banner advertisements are placed on third party websites.

When you view our advertisements on a third-party website, the advertising company uses 'cookies' to collect information such as:

  • The server your computer is logged on to;
  • Your browser type;
  • Your device type;
  • The date and time of your visit;
  • The performance of their marketing efforts; and
  • Any information or documentation that you download. When you click on one of our advertisements that appears on another website, the advertising company will collect information on how you utilise our website (e.g. which pages of our website you view) and whether you complete an online application. In addition, we also use other service providers, known as tracking companies, to collect information on how you use our website.

These tracking companies also use cookies to collect information similar to that collected by the advertising companies.

The advertising agencies and tracking companies use the information they collect to perform statistical analyses of aggregate user behaviour, but those analyses are not based on personal information. We use those analyses to measure advertising effectiveness and relative consumer interest in the various areas of our website. As a general rule, no personal information is collected by the companies in this process. If, however, any information is automatically collected, these companies are required under their arrangements with us to maintain privacy and confidentiality of that personal information.

We may disclose the information collected by a company, in an aggregate form only, to third parties including advertisers or potential advertisers.

We utilise third party software to create heat maps of our website pages. Heat maps are aggregations of data regarding which parts of our website people view and what links they click on. This information can be used to optimise the information we provide via our website and how we link pages, with the aim of creating a better experience for visitors. The software does not collect personal information about you but does create a cookie that allows the software to detect whether you are a first time or return visitor.

11. Access

You may request access to the personal information (including credit-related information) that we hold about you at any time by advising one of our staff or contacting us using the details provided in Section 16 of this Privacy Policy. We will respond to your request for access within a reasonable time and will need to confirm your identity before giving you access.

In relation to your request for access to your credit eligibility information that we have received from credit reporting bodies, we will provide access within 30 days unless unusual circumstances apply. We will also ask you to check with credit reporting bodies what information they hold about you. This is to ensure that you have access to the most up-to-date information.

If we refuse to give you access to any of your personal information, we will provide you with written notice of the reasons for the refusal and the relevant provisions of the Privacy Act that we rely on to refuse access. You can contact our Privacy Officer (whose details are in Section 16 of this Privacy Policy) if you would like to make a complaint about our decision to refuse access. For further information on making a complaint, please refer to Section 15 of this Privacy Policy.

Except where prohibited by the Privacy Laws, we may charge you a fee to recover the reasonable costs that we incur in responding to your request for access to your personal information (but not for making a request for access).

12. Accuracy and correction

We take reasonable steps to make sure that your personal information (including credit-related information) that we collect, use or disclose is accurate, complete and up-to-date. However, if you believe your information is incorrect, incomplete or not current, you can request that we update this information by advising one of our staff or contacting us using the details provided in Section 16 of this Privacy Policy. We will take all reasonable steps to action your request. This includes assessing your request and informing you whether we agree that a correction should be made.

In relation to your request to correct your credit-related information, if the information was given to us by a credit reporting body (or based on that information), we will help you to seek the correction of this information within 30 days. However, if we are unable to facilitate the correction within this timeframe, we will contact you to explain why it has taken longer.

If we do not agree with your request to correct your personal information (including credit[1]related information), for example, because we don’t believe the personal information is incorrect, we will advise you of the reasons and your right to make a complaint about our decision. For further information on making a complaint, please refer to Section 15 of this Privacy Policy.

13. Marketing

Where permitted by law, we may use your personal information, including your contact details, to provide you with information about our products and services, including those of third parties, and competitions or promotions which we consider may be of interest to you. 

We may also provide your details to third party organisations with which we have 
arrangements for marketing products and services to our Members.

13.1. Opting Out

You may opt out at any time if you no longer wish to receive marketing information or do not wish to receive marketing information. In order to do so, simply contact us (via the ‘How to Contact Us’ details in Section 16 of this Privacy Policy) and let us know that you no longer want us to send you marketing materials or disclose your information to other organisations for marketing purposes. You can also 'unsubscribe' from our email marketing messages, which always include an unsubscribe option.

Contact credit reporting body if you don’t want your information used by them for direct marketing/pre-screening purposes

To help us reach the right people with direct marketing for our credit products or services, we may ask a credit reporting body to "pre-screen" a list of potential recipients of our direct marketing against our eligibility criteria to remove recipients who do not meet those criteria. The credit reporting body cannot use information about your existing loans or repayment history in carrying out its pre-screening and it must destroy its pre-screening assessment once it has given us, or a contractor acting on our behalf, the list of eligible recipients. If you do not want your credit information used for pre-screening by a credit reporting body that holds credit information about you, you can opt-out by informing that credit reporting body. If you do this, the credit reporting body must not use your information for that purpose.

14. Changes to the Privacy Policy

We may make changes to this Privacy Policy from time to time (without notice to you) that are necessary for our business requirements or the law.

15. Questions and complaints

If you have any questions, concerns or complaints about this Privacy Policy, our decision regarding your request to access or correct your personal information (including credit-related information) or if you believe that in handling your personal information (including credit[1]related information), we have breached the Privacy Laws, please let us know. Please also contact us if you believe that the privacy of your personal information has been compromised or is not adequately protected. You may raise your complaint by contacting us by any of the methods provided in Section 16 ‘How to Contact Us’. Your complaint will be dealt with by our Privacy Officer.

Once a complaint has been lodged, the Privacy Officer will respond to you as soon as possible. Wherever possible we will try to resolve your complaint on the spot, or within five (5) business days. However, if this is not possible, we will contact you and keep you updated as we progress to a resolution. If we are unable to resolve your complaint within 21 days, we will advise you of the reasons for the delay and keep you updated on our progress. We will also provide you with the contact details for the Australian Financial Complaints Authority (AFCA), which is an independent external dispute resolution scheme.

If you are still not satisfied with our response or handling of your complaint, you can contact the external bodies that deal with privacy complaints. These are the AFCA and the Office of the Australian Information Commissioner. Either of these bodies may forward your complaint to the other if it considers the complaint would be better handled by that other body.

  • Office of the Australian Information Commissioner
    Mail: GPO Box 5218, Sydney NSW 2001
    Telephone: 1300 363 992
    Website: www.oaic.gov.au
  • Australian Financial Complaints Authority
    Mail: GPO Box 3, Melbourne VIC 3001
    Telephone: 1800 931 678
    Interpreter service: 131 450
    Website: www.afca.org.au

16. How to Contact Us

In person at one of our branches

Visit our website and complete our online form at https://www.queenslandcountry.bank/help-info/feedback/

Phone us on 1800 075 078; or

Write to us at the address below: Privacy Officer Queensland Country Bank Limited Post: PO Box 679, Aitkenvale QLD 4814

Email us at: privacy@queenslandcountry.bank

 

  • Download our Privacy Credit Reporting Policy - Effective 20 December 2024 Download our Privacy Credit Reporting Policy - Effective 20 December 2024
  • Download our Privacy Notification - Effective 20 December 2024 Download our Privacy Notification - Effective 20 December 2024
  • Download our privacy policy Download our privacy policy