Issued March 2014
ING is committed to ensuring the confidentiality and security of your personal information. We are bound by the Privacy Act 1988, including the Australian Privacy Principles (APPs) set out in that Act, to guide us in our responsible handling of your personal information.
In simple terms, personal information is information or an opinion about an identified individual or an individual who can reasonably be identified. The type of personal information we collect may include your name, mailing address, date of birth, email address, telephone number, tax file number, annual income and other financial details.
If you are applying for credit or if you are a guarantor, the personal information we will collect includes anything about credit worthiness, standing, history and capacity, such as your employment details, your financial details, opinions from other credit providers about your credit worthiness and reports and other information from credit reporting bodies.
We derive certain information we receive from credit reporting bodies about you, such as credit ratings or scores, to enable us to make responsible lending decisions.
We don’t generally collect personal information about you which is sensitive, such as information about your health or criminal record. Unless the collection of sensitive information is required or authorised by law or a court order, we will obtain your consent to its collection only if we need it to provide you with a specific product or service (such as certain types of insurance), if you make a claim with us for financial hardship relief or if you apply for employment with us.
ING is required to request the collection of your Tax File Number (TFN) under certain legislation. The handling of TFNs is also regulated under the Privacy Act through Guidelines issued by the Information Commissioner.
The continued confidentiality and security of your TFN will be maintained in accordance with these Tax File Number Guidelines.
ING may also request the collection of a foreign tax identification number in order to comply with global laws that have extraterritorial application to ING or the ING Group.
You can deal with us anonymously or by a pseudonym (e.g. an email address that doesn’t contain your actual name) in some circumstances, such as when you make inquiries about our products and services. However, we’ll need to know (and verify) who you are before we can provide you with our financial products and services.
We collect most personal information directly from you. For instance, your personal information will be collected when you deal with us via our Contact Centre, send us a letter, visit our websites, when you complete an application form or open an account. We may also collect your personal information through customer surveys or questionnaires for the purpose of obtaining your feedback on our products and services.
Occasionally, we may need to source personal information about you from a third party, but only if you’ve consented to us collecting the information in this way or you would reasonably expect us to collect the information about you from a third party. For instance, we may collect certain personal information about you from credit reporting bodies, government departments or third party brokers.
The general rule is that we will use or disclose your personal information only for the purposes stated at the time of the collection. If we want to use your personal information for another purpose, we will seek further consent from you, unless that other purpose is related to one of the original purposes of collection and you would reasonably expect us to use your personal information for that other purpose.
We collect, hold, use and disclose your personal information for the following reasons:
If you do not provide us with the requested information we will generally not be able to provide you with ING products or services. You also can refuse to give, or withdraw, your consent in relation to any particular use of your personal information at any time. However, again, if you refuse to give your consent or withdraw your consent for particular uses we will not be able to provide you with products or services.
It may be necessary for ING to disclose your personal information to certain third parties in order to assist us in providing, managing and administering your products or services or for other related purposes. These include:
Other financial institutions, such as banks, credit unions, building societies and payment services such as VISA, in order to set up and manage your account and manage banking transactions and, at their request, to provide an opinion or information about your credit worthiness, credit standing, credit history or credit capacity if you seek credit from them.
Other entities in the ING Group of companies and third parties, such as:
Any example used above to indicate when we might disclose personal information may not be limited to those examples (or examples of a similar kind).
Personal information will only be disclosed to third parties other than those listed above:
We may disclose information to credit reporting bodies prior, during or after a loan product is provided to you. This includes:
We disclose information when we outsource certain services or functions, including mailing services, document storage services, direct marketing, data verification services, information technology support and printing our standard documents and correspondence. Organisations performing services on our behalf are required to comply with our confidentiality and privacy requirements.
Securitisation involves the bundling of assets of a similar nature (such as loans) and selling those bundled assets to an entity established for this purpose. To complete the transaction, we may disclose personal information to any person involved in the transaction, such as the purchaser of the bundled assets, rating agencies, trustees, investors and advisors.
We may have to send personal information overseas for example, if required to complete a transaction or where we outsource a function to an overseas contractor. Your personal information may be disclosed to staff in ING Group entities in Singapore and the Netherlands if necessary to administer our relationship with you; if those entities provide services to, or functions for, ING; for transactional reasons; or to comply with Australian and global regulatory requirements applying to us or the ING Group (including to comply with requests for information received by overseas regulators).
We will take reasonable steps to ensure that third parties located overseas do not breach the APPs in relation to your personal information.
We may use your personal information to offer you products and services that we believe may interest you, but we won’t if you tell us not to. We do not sell or rent your personal information to any unrelated third parties for their marketing purposes without your explicit consent.
However, we may supply your personal information to direct marketing agencies, other ING Group entities, selected affiliated service providers, or any of the service providers in relation to the superannuation fund to which ING is the promoter (including the trustee) for the sole purpose of those companies contacting you about ING or ING products and services that may be of interest to you.
If you don’t want to receive marketing offers from us about our products and services or those of another ING Group entity or third party service providers with whom we have a relationship, please let us know by:
We will act promptly on your request and will also ensure that each electronic marketing message sent (e.g. by email) includes a method that enables you to tell us you do not want to receive future electronic marketing material.
You may request access to limited amounts of personal information that we hold about you – such as your address - by calling us on 133 464.
For a more detailed request for access to information that we hold about you, you will need to write to the ING Privacy Officer at GPO Box 4094, Sydney NSW 2001. We may request that you specify the information you wish to access, to help us quickly identify and retrieve that information for you.
Please note that requests for access to your personal information may only be made by you or by another person who you have authorised to make a request on your behalf, such as a legal guardian or authorised agent. We will require you to verify your identity, or the identity and authority of your representative, to our reasonable satisfaction.
An access charge may apply, but not to your request for access itself. In particular, we may impose a reasonable charge for providing access to this information to recover any expenses incurred in retrieving and collating the requested information. Please refer to your product documentation or contact ING for details of any applicable access charge. Where an access charge applies, unless you authorise us to debit your account with us, access won’t be provided until we receive payment.
We will respond to your access request as soon as possible and tell you how long it will take to provide the information. This will usually be in less than 14 days, but may be up to 28 days in some circumstances.
We may exercise our right to deny access to particular information in certain situations, for example where access may reveal our commercially sensitive decision processes (e.g, criteria for loan approvals) or where the information relates to existing or anticipated legal proceedings or where it will threaten the privacy of other individuals.
If we deny you access to your personal information, we will write to you to:
If we refuse to give you access, if appropriate, we will attempt to find alternative means to enable you to access the information, for example, through a mutually agreed intermediary.
We take reasonable steps to ensure that your personal information is accurate, up-to-date, complete, relevant and not misleading. For instance, we may ask you to confirm some of your details when you deal with us via the Contact Centre. However, please contact us if you learn that any your personal information that we hold is incorrect, has changed or requires updating.
We will respond to your correction request as soon as possible – or immediately, if you contact us by phone - and tell you how long it will take us to consider your correction request. This will usually be in less than 14 days, but may be up to 28 days or more in unusual circumstances (e.g. where we are required to consult with other credit reporting bodies and/or credit providers in relation to the information).
We will promptly update your personal information if it is inaccurate, out-of-date, incomplete, irrelevant or misleading having regard to the purpose for which it is held by us. If we correct the personal information the subject of your correction request and we have previously disclosed that information to a third party, we will notify that third party of the corrected information (if we’re required to by law).
If we disagree with your request to correct your personal information we will write to you to:
If we disagree with your request to correct your personal information, you also have the right to ask us to attach a statement that in your opinion the information inaccurate, out-of-date, incomplete, irrelevant or misleading. This right does not apply to our refusal to correct your credit information.
We store personal information in a combination of secure computer storage facilities and paper based files and other records.
We are committed to protecting your personal information from misuse, loss and interference. We also protect it from unauthorised access, modification and disclosure.
We limit access to those staff and service providers properly authorised to have access, including those who manage your financial product, provide you with a financial service or supply you with further information on ING products or services.
We have in place a range of security measures designed to prevent unauthorised access or disclosure of your personal information, including physical security (such as locks and security systems over our electronic and paper stores and premises) and up-to-date computer and network security systems.
If we no longer require your personal information for a purpose, for example, to manage your financial product or provide you with a financial service, then we will take reasonable steps to securely destroy it or permanently remove all identifying features from that information. This obligation is subject to any legal requirements to keep personal information for a certain period of time – in most cases, personal information records are kept for a period of 7 years after their creation or 7 years after an account is closed.
If you have any concerns about this technology and do not wish to accept cookies, you can adjust the settings on your browser to not accept them or to prompt you every time they are about to be stored.
All customers receive a Client Identification Number and Access Code to access their account online. Your Client Number and Access Code are unique identifiers for you. As such, it is a condition of your account to keep your Access Code and any other codes confidential and secure at all times.
The complete terms and conditions relating to the use of the ING Interactive Service (including online banking) are outlined in the relevant terms and conditions for your account.
If you believe or suspect that your codes may have been disclosed to another person or you want to change your Access Code, please contact us immediately by calling one of our Customer Care Specialists 24 hours a day, 7 days a week on 133 464.
Our website may link to other websites that do not belong to any ING Group entity. However, please be aware that we can’t guarantee that the privacy standards of those linked websites will be the same as ours.
We may make changes to our privacy and information handling processes from time to time. To the extent necessary, we will update this policy to reflect those changes and publish it on our websites.
If you wish to obtain further copies of this policy please contact us or download the policy from ing.com.au.
If you have any further questions about privacy at ING please contact us by:
ING is committed to resolving your privacy complaint as quickly as possible and has procedures in place to help resolve any problems or complaints efficiently. Our aim is to assist you by reaching a satisfactory solution as soon as possible.
If you have a complaint or a concern about privacy at ING, including if you consider that we have breached the Privacy Act, the Credit Reporting Privacy Code or other applicable Privacy Code that applies to us, please contact the Privacy Officer by one of the means set out above.
If you are not satisfied with how the complaint or concern about privacy is resolved, you can refer your complaint to the Financial Ombudsman Service Australia (FOS Australia), which is an independent external dispute resolution body.
You can contact them by:
If you are not satisfied with how your complaint is resolved by the FOS Australia, then you can take your complaint to the Information Commissioner. The Commissioner can be contacted on the privacy hotline 1300 363 992 or by going to www.oiac.gov.au.
Please go to the “Complaints and Disputes” section of our website for information on how we deal with your complaints that are not privacy related.
We aim to:
If we form the view that we can’t resolve your complaint within 28 days, we will notify you of the reason for the delay and the expected timeframe to resolve your complaint.