ING Privacy Policy

Image: OceanZen

Privacy Policy

Issued March 2014

1. Privacy Policy

This Privacy Policy applies to ING Bank (Australia) Limited (ABN 24 000 893 292) (trading as "ING”). The terms "we", "us" or "our" used in this Policy mean ING.

ING is committed to ensuring the confidentiality and security of your personal information. We are bound by the Privacy Act 1988, including the Australian Privacy Principles (APPs) set out in that Act, to guide us in our responsible handling of your personal information.

2. What personal information do we collect?

In simple terms, personal information is information or an opinion about an identified individual or an individual who can reasonably be identified. The type of personal information we collect may include your name, mailing address, date of birth, email address, telephone number, tax file number, annual income and other financial details.

2.1. Credit information

If you are applying for credit or if you are a guarantor, the personal information we will collect includes anything about credit worthiness, standing, history and capacity, such as your employment details, your financial details, opinions from other credit providers about your credit worthiness and reports and other information from credit reporting bodies.

We derive certain information we receive from credit reporting bodies about you, such as credit ratings or scores, to enable us to make responsible lending decisions.

2.2. Sensitive information

We don’t generally collect personal information about you which is sensitive, such as information about your health or criminal record. Unless the collection of sensitive information is required or authorised by law or a court order, we will obtain your consent to its collection only if we need it to provide you with a specific product or service (such as certain types of insurance), if you make a claim with us for financial hardship relief or if you apply for employment with us.

2.3. Tax File Number

ING is required to request the collection of your Tax File Number (TFN) under certain legislation. The handling of TFNs is also regulated under the Privacy Act through Guidelines issued by the Information Commissioner.

The continued confidentiality and security of your TFN will be maintained in accordance with these Tax File Number Guidelines.

ING may also request the collection of a foreign tax identification number in order to comply with global laws that have extraterritorial application to ING or the ING Group.

2.4. Dealing with us anonymously or by use of a pseudonym

You can deal with us anonymously or by a pseudonym (e.g. an email address that doesn’t contain your actual name) in some circumstances, such as when you make inquiries about our products and services. However, we’ll need to know (and verify) who you are before we can provide you with our financial products and services.

3. How we collect your personal information

We collect most personal information directly from you. For instance, your personal information will be collected when you deal with us via our Contact Centre, send us a letter, visit our websites, when you complete an application form or open an account. We may also collect your personal information through customer surveys or questionnaires for the purpose of obtaining your feedback on our products and services.

Occasionally, we may need to source personal information about you from a third party, but only if you’ve consented to us collecting the information in this way or you would reasonably expect us to collect the information about you from a third party. For instance, we may collect certain personal information about you from credit reporting bodies, government departments or third party brokers.

4. How we use your personal information

The general rule is that we will use or disclose your personal information only for the purposes stated at the time of the collection. If we want to use your personal information for another purpose, we will seek further consent from you, unless that other purpose is related to one of the original purposes of collection and you would reasonably expect us to use your personal information for that other purpose.

We collect, hold, use and disclose your personal information for the following reasons:

  • to assist in providing you with information about an ING product or service that you’ve asked us about;
  • to assess your application and eligibility for a product or service. In particular, when you apply for credit, we need to be able to work out whether you’re likely to be in a position to repay. We’ll base this decision on your financial position and your credit history from the information that you have provided on your application form, in conjunction with information from credit reporting bodies and other credit providers that you’ve dealt with;
  • to provide you with the products and services that you have requested and generally to administer our relationship with you;
  • to assist us to run our business, including using information for training purposes, risk management, systems development and testing, archiving, record keeping, product and service development, undertaking planning, research and statistical analysis and other operational andadministrative tasks;
  • unless you tell us otherwise, to provide you with further information about other ING products and services and products and services from selected service providers with whom we have a relationship;
  • to safeguard the security and integrity of the ING Group and the financial sector, including preventing fraud and other criminal or undesirable activities in relation to the ING Group, its customers and staff or other financial institutions; and
  • to comply with Australian legal and regulatory obligations (including codes of conduct and external payment systems) and global legal or regulatory requirements that have extraterritorial application to ING or the ING Group. For example, ING has an obligation to identify customers under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act). We will identify the law or regulation that authorises or requires us to collect your personal information at the time of collection (or as soon as possible after we collect it).

If you do not provide us with the requested information we will generally not be able to provide you with ING products or services. You also can refuse to give, or withdraw, your consent in relation to any particular use of your personal information at any time. However, again, if you refuse to give your consent or withdraw your consent for particular uses we will not be able to provide you with products or services.

5. Disclosure of your personalinformation to other parties

It may be necessary for ING to disclose your personal information to certain third parties in order to assist us in providing, managing and administering your products or services or for other related purposes. These include:

5.1. Other financial institutions

Other financial institutions, such as banks, credit unions, building societies and payment services such as VISA, in order to set up and manage your account and manage banking transactions and, at their request, to provide an opinion or information about your credit worthiness, credit standing, credit history or credit capacity if you seek credit from them.

5.2. Other organisations

Other entities in the ING Group of companies and third parties, such as:

  • other ING Group entities in order to service other products you may have within the Group and portfolio analysis;
  • other ING Group entities located overseas for account administration, regulatory and security purposes;
  • any person acting on your behalf including your financial adviser, power of attorney, solicitor or accountant;
  • your referee(s);
  • your guarantor(s);
  • any person who introduces you to us, including mortgage intermediaries and agents;
  • organisations undertaking reviews of the integrity of our operations, including the accuracy and completeness of our information;
  • any third party product and service supplier that we have an arrangement with (so that either us or they may provide you with the product or service you have requested or in which you have expressed an interest);
  • our solicitors, valuers and insurers (for loan products);
  • credit reporting or information verification agencies (or their affiliated entities) in order to obtain and provide details about your credit history or status, to verify other information about you including your identity, to carry out your request to correct your credit information or to resolve your complaint about the handling, use or disclosure of your credit information;
  • organisations involved in securitisation arrangements. These organisations include trustees of those arrangements, investors and their advisers;
  • organisations who perform services or functions on our behalf;
  • organisations undertaking compliance reviews of financial advisers or mortgage intermediaries; and
  • organisations providing any of trustee, administration, custodial, insurance, broker and share trading and financial planning advice services in relation to superannuation.

Any example used above to indicate when we might disclose personal information may not be limited to those examples (or examples of a similar kind).

5.3. Other disclosures

Personal information will only be disclosed to third parties other than those listed above:

  • if you have expressly consented to your personal information being supplied to others, which we will usually obtain from you in writing. We can also ask you to consent verbally in some circumstances;
  • if you would reasonably expect us to disclose information of that kind to those third parties; or
  • if we are authorised or required to do so by law or if it is necessary to assist with law enforcement. For example, a regulator (such as the Australian Taxation Office or the Australian Securities & Investments Commission), a Court or the police can compel us to disclose personal information to them.

5.4. Credit reporting bodies

We may disclose information to credit reporting bodies prior, during or after a loan product is provided to you. This includes:

  • that you have applied for a loan and the date on which the loan is entered into, the type of loan, the terms and conditions relating to the loan, the amount of the loan and date on which the loan is paid out or otherwise discharged;
  • your repayment history information, which is information about whether you have met your monthly payment obligations (subject to any ‘grace period’), and if your payment is late – how late it is;
  • subject to our financial hardship process and otherwise providing you with at least 14 days notice, details of payments for no less than $150 that are at least 60 days overdue and which are in collection (and advice that payments are no longer overdue); and our opinion that you have committed a serious credit infringement.

5.5. Outsourcing

We disclose information when we outsource certain services or functions, including mailing services, document storage services, direct marketing, data verification services, information technology support and printing our standard documents and correspondence. Organisations performing services on our behalf are required to comply with our confidentiality and privacy requirements.

5.6. Securitisation

Securitisation involves the bundling of assets of a similar nature (such as loans) and selling those bundled assets to an entity established for this purpose. To complete the transaction, we may disclose personal information to any person involved in the transaction, such as the purchaser of the bundled assets, rating agencies, trustees, investors and advisors.

5.7. Sending information overseas

We may have to send personal information overseas for example, if required to complete a transaction or where we outsource a function to an overseas contractor. Your personal information may be disclosed to staff in ING Group entities in Singapore and the Netherlands if necessary to administer our relationship with you; if those entities provide services to, or functions for, ING; for transactional reasons; or to comply with Australian and global regulatory requirements applying to us or the ING Group (including to comply with requests for information received by overseas regulators).

We will take reasonable steps to ensure that third parties located overseas do not breach the APPs in relation to your personal information.

6. Marketing

We may use your personal information to offer you products and services that we believe may interest you, but we won’t if you tell us not to. We do not sell or rent your personal information to any unrelated third parties for their marketing purposes without your explicit consent.

However, we may supply your personal information to direct marketing agencies, other ING Group entities, selected affiliated service providers, or any of the service providers in relation to the superannuation fund to which ING is the promoter (including the trustee) for the sole purpose of those companies contacting you about ING or ING products and services that may be of interest to you.

If you don’t want to receive marketing offers from us about our products and services or those of another ING Group entity or third party service providers with whom we have a relationship, please let us know by:

  • ticking the box on the applicable form when you apply for a product or service; or
  • contacting us by any of the means set out in Section 12 (“How to contact ING about privacy”).

We will act promptly on your request and will also ensure that each electronic marketing message sent (e.g. by email) includes a method that enables you to tell us you do not want to receive future electronic marketing material.

7. How to access and correct your personal information

7.1. Access

You may request access to limited amounts of personal information that we hold about you – such as your address - by calling us on 133 464.

For a more detailed request for access to information that we hold about you, you will need to write to the ING Privacy Officer at GPO Box 4094, Sydney NSW 2001. We may request that you specify the information you wish to access, to help us quickly identify and retrieve that information for you.

Please note that requests for access to your personal information may only be made by you or by another person who you have authorised to make a request on your behalf, such as a legal guardian or authorised agent. We will require you to verify your identity, or the identity and authority of your representative, to our reasonable satisfaction.

An access charge may apply, but not to your request for access itself. In particular, we may impose a reasonable charge for providing access to this information to recover any expenses incurred in retrieving and collating the requested information. Please refer to your product documentation or contact ING for details of any applicable access charge. Where an access charge applies, unless you authorise us to debit your account with us, access won’t be provided until we receive payment.

We will respond to your access request as soon as possible and tell you how long it will take to provide the information. This will usually be in less than 14 days, but may be up to 28 days in some circumstances.

We may exercise our right to deny access to particular information in certain situations, for example where access may reveal our commercially sensitive decision processes (e.g, criteria for loan approvals) or where the information relates to existing or anticipated legal proceedings or where it will threaten the privacy of other individuals.

If we deny you access to your personal information, we will write to you to:

  • explain the reason your access request has been denied unless it would be unreasonable for us to do so given the grounds on which we have based our refusal; and
  • the avenues available to you to complain about our refusal.

If we refuse to give you access, if appropriate, we will attempt to find alternative means to enable you to access the information, for example, through a mutually agreed intermediary.

7.2. Correction

We take reasonable steps to ensure that your personal information is accurate, up-to-date, complete, relevant and not misleading. For instance, we may ask you to confirm some of your details when you deal with us via the Contact Centre. However, please contact us if you learn that any your personal information that we hold is incorrect, has changed or requires updating.

We will respond to your correction request as soon as possible – or immediately, if you contact us by phone - and tell you how long it will take us to consider your correction request. This will usually be in less than 14 days, but may be up to 28 days or more in unusual circumstances (e.g. where we are required to consult with other credit reporting bodies and/or credit providers in relation to the information).

We will promptly update your personal information if it is inaccurate, out-of-date, incomplete, irrelevant or misleading having regard to the purpose for which it is held by us. If we correct the personal information the subject of your correction request and we have previously disclosed that information to a third party, we will notify that third party of the corrected information (if we’re required to by law).

If we disagree with your request to correct your personal information we will write to you to:

  • explain the reason your correction request has been denied unless it would be unreasonable for us to do so; and
  • the avenues available to you to complain about our refusal.

If we disagree with your request to correct your personal information, you also have the right to ask us to attach a statement that in your opinion the information inaccurate, out-of-date, incomplete, irrelevant or misleading. This right does not apply to our refusal to correct your credit information.

8. Storage and protection of your personal information

8.1. Storage and security

We store personal information in a combination of secure computer storage facilities and paper based files and other records.

We are committed to protecting your personal information from misuse, loss and interference. We also protect it from unauthorised access, modification and disclosure.

We limit access to those staff and service providers properly authorised to have access, including those who manage your financial product, provide you with a financial service or supply you with further information on ING products or services.

We have in place a range of security measures designed to prevent unauthorised access or disclosure of your personal information, including physical security (such as locks and security systems over our electronic and paper stores and premises) and up-to-date computer and network security systems.

8.2. We de-identify or destroy your information when we no longer need it

If we no longer require your personal information for a purpose, for example, to manage your financial product or provide you with a financial service, then we will take reasonable steps to securely destroy it or permanently remove all identifying features from that information. This obligation is subject to any legal requirements to keep personal information for a certain period of time – in most cases, personal information records are kept for a period of 7 years after their creation or 7 years after an account is closed.

9. Online security

9.1. Cookies

We may use “cookies” to assist you in accessing information on our websites which is of interest and relevance to you. Cookies are a way of storing information on your computer so you do not have to enter the same data every time you access our websites - for instance, your email address. We may also use cookies and other technology to capture general information about how you have found our website, or to track the number of visitors to a site. This general information may identify a user’s browser type and your internet service provider, but this information alone does not identify an individual.

If you have any concerns about this technology and do not wish to accept cookies, you can adjust the settings on your browser to not accept them or to prompt you every time they are about to be stored.

9.2. Internet banking

All customers receive a Client Identification Number and Access Code to access their account online. Your Client Number and Access Code are unique identifiers for you. As such, it is a condition of your account to keep your Access Code and any other codes confidential and secure at all times.

The complete terms and conditions relating to the use of the ING Interactive Service (including online banking) are outlined in the relevant terms and conditions for your account.

If you believe or suspect that your codes may have been disclosed to another person or you want to change your Access Code, please contact us immediately by calling one of our Customer Care Specialists 24 hours a day, 7 days a week on 133 464.

9.3. Linking

Our website may link to other websites that do not belong to any ING Group entity. However, please be aware that we can’t guarantee that the privacy standards of those linked websites will be the same as ours.

10. Changes to this Policy

We may make changes to our privacy and information handling processes from time to time. To the extent necessary, we will update this policy to reflect those changes and publish it on our websites.

11. How to contact ING about privacy

If you wish to obtain further copies of this policy please contact us or download the policy from ing.com.au.

If you have any further questions about privacy at ING please contact us by:

  • calling 133 464
  • emailing customer.service@ing.com.au
  • writing to:
    ING Privacy Officer
    GPO Box 4094
    Sydney NSW 2001

11.1. Making a privacy complaint

ING is committed to resolving your privacy complaint as quickly as possible and has procedures in place to help resolve any problems or complaints efficiently. Our aim is to assist you by reaching a satisfactory solution as soon as possible.

If you have a complaint or a concern about privacy at ING, including if you consider that we have breached the Privacy Act, the Credit Reporting Privacy Code or other applicable Privacy Code that applies to us, please contact the Privacy Officer by one of the means set out above.

If you are not satisfied with how the complaint or concern about privacy is resolved, you can refer your complaint to the Financial Ombudsman Service Australia (FOS Australia), which is an independent external dispute resolution body.

You can contact them by:

  • calling 1800 367 287
  • going to fos.org.au;
  • faxing 03 9613 6399
  • writing to:
    Financial Ombudsman Service Australia
    GPO Box 3
    Melbourne VIC 3001

If you are not satisfied with how your complaint is resolved by the FOS Australia, then you can take your complaint to the Information Commissioner. The Commissioner can be contacted on the privacy hotline 1300 363 992 or by going to www.oiac.gov.au.

Please go to the “Complaints and Disputes” section of our website for information on how we deal with your complaints that are not privacy related.

11.2. Handling your complaints

We aim to:

  • acknowledge receipt of your complaint with 7 days; and
  • resolve your complaint within 28 days. In certain circumstances that may not be possible.

If we form the view that we can’t resolve your complaint within 28 days, we will notify you of the reason for the delay and the expected timeframe to resolve your complaint.