Privacy and Credit Reporting Policy

This is the Privacy and Credit Reporting Policy (Policy) for Bank of Sydney Limited ACN 093 488 629 AFSL and Australian Credit Licence 243444 (Bank of Sydney) and its associated companies. In this Policy, the words “we” or “us” refer to Bank of Sydney, any of our associates.

This Policy sets out how we collect, use and disclose your ‘personal information’. Under the law, ‘personal information’ has a broad definition, however, it really means ‘information that is not generally available and from which you can be identified’. In Australia, ‘personal information’ includes ‘credit information’.

If you use our website or apply for one of our products or services you agree to be bound by the Policy. If you do not provide the ‘personal information’ requested by us, we may not be able to provide you with our products and services.

This Policy will be reviewed and updated from time to time. Any ‘personal information’ we hold about you will be governed by our most current Policy. You should check our website regularly and review this Policy for any changes.

This Policy was last updated in February 2019.

1. What regulations protect your ‘personal information?

When you give us your ‘personal information’, your ‘personal information’ is protected under the Australian Privacy Act (including the Australian Privacy Principles (APPs)) and any applicable APP Code.

2. What kinds of ‘personal information’ do we collect about you?

In this Policy, if we use the words ‘personal information’, we mean ‘personal information’ (including ‘credit information’ and ‘sensitive information’ under Australian law.

The kinds of ‘personal information’ that we collect may include your name, date of birth, address, telephone number, email address, driver’s licence number, marital status, number and age of your dependents and employment history. In addition, if you apply for credit, we may collect ‘credit information’ including information about your income, assets, liabilities and repayment history information.

Generally we do not collect ‘sensitive information’ about you. However, if you make an application for a loan to be varied on the grounds of hardship we may collect health information about you. We will only collect sensitive information about you with your consent.

3. Why do we collect your ‘personal information’?

We collect ‘personal information’ about you so that we can provide you with our products and services. This includes:

  • providing you with access to our website;
  • answering your questions;
  • identifying you in accordance with our obligations under the Anti-Money Laundering / Counter Terrorism Financing Act;
  • performing administrative and operational tasks (including systems development and testing, staff training, and market or customer satisfaction research);
  • when you participate in a competition or promotion offered by us;
  • when you attend a function at our offices; and
  • providing you with our products and

We also collect your ‘personal information’ so that we can contact you and provide you with information about products and services that may be of interest to you.

4. Who can give us ‘personal information about you?

Where reasonable and practical we will only collect your ‘personal information directly from you. However, we may also collect information about you from third parties, such as a partner or spouse who contacts us on your behalf, from our contractors who supply services to us, from advisers such as accountants or lawyers or from other organisations authorised by you.

We may also collect ‘credit information’ about you from credit-reporting bodies when authorised by you to do so.

If you provide personal information to us about someone else, you must ensure that you are entitled to ‘personal information about someone else’, you must make sure that the individual concerned understands the matters set out in this Policy and has provided their consent to be bound by this Policy.

5. How do we collect your ‘personal information’?

We collect your ‘personal information’ in many ways. These can include:

  • when you contact us by telephone, email or via our website;
  • when you create or update a user profile that includes personal information such as your name and contact details;
  • when you apply for one of our products or services;
  • when you attend a function we hold;
  • when you participate in a competition or promotion offered by us; or
  • when you apply for employment with

When you access our website, we may collect ‘personal information’ about you using ‘cookies’. ‘Cookies’ are files that are implanted in your hard drive or device to collect, store and receive identifiers and information about your usage of our website as well as information about where you are located at the time you access our website (using GPS, Bluetooth,

or WiFi signals, depending on the permissions that you have granted). By using ‘cookies’ we are able to enhance and personalise our website to better suit your needs.

6. How do we use your ‘personal information’?

We will only use your ‘personal information’ for the purpose for which it has been provided, for reasonably related secondary purposes, any other purpose you have consented to and any other purpose permitted under the Privacy Act.

The ways that we use your ‘personal information’ may include:

  • to improve and personalise our website for you;
  • to develop new features, products and services;
  • to notify you about new features and products;
  • to provide you with information about our products and services;
  • to assess your application for credit or your application to guarantee credit we provide to someone else;
  • to conduct research for our own internal purposes;
  • to assess, process and manage your application for employment; and
  • to handle any complaints that you may

We may also aggregate the ‘personal information’ that we collect for reporting and statistical purposes and to help us improve our website. If we disclose any aggregated information to a third party, the information will be de-identified and will not contain any personally identifiable information.

You agree that we may use your ‘personal information’ for any of these purposes.

7. To whom can we disclose your ‘personal information’?

We may disclose your ‘personal information’ to:

  • participants in the payments system and other financial institutions for the purpose of resolving disputes, errors or other matters arising out of use of our other products and services;
  • organisations that provide products or services used or marketed by us, including, other credit providers, funders, lenders, valuers, trustee companies, financial institutions and securitisers, mortgage insurers, title insurers, surveyors, credit reporting agencies, rating agencies and debt collectors;
  • your employer/s or referees, your guarantors, your professional advisors and your bank;
  • companies and contractors who we retain to provide services for us, such as IT contractors, ‘software as a service providers’ (such as email engines and contract management service providers), call centres, stationery printing houses, mail houses, storage facilities, lawyers, accountants and auditors;
  • organisations considering acquiring an interest in your loan or our business and assets generally; and
  • Other individuals or companies authorised by

You consent to us disclosing your information to such entities without obtaining your consent on a case by case basis.

Sometimes we are required or authorised by law to disclose your ‘personal information’. For example, we may disclose your ‘personal information’ to a Court, Tribunal or law enforcement agency in response to a request or subpoena or to the Australian Taxation Office.

8. Will we send your ‘personal information’ offshore?

We use several outsourced service providers in order to enhance your ease of doing business with us. Some of these third party suppliers may be located in countries outside of Australia. Some of the services provided by our third party suppliers may also be located in the cloud.

We only use highly reputable third party suppliers and we take all reasonable steps to ensure that our suppliers abide by the high standards that protect ‘personal information’ disclosed to us in Australia. Our contracts with these third parties generally include an obligation for them to comply with Australian privacy law and with our Policy and

generally, we will maintain control of any data that is released to these third-party service providers. This means that even though we may send your ‘personal information’ to a third party provider, that provider cannot see your ‘personal information’ and cannot use your ‘personal information’ for their own purposes.

However, not all countries have the same high standards for the protection of your ‘personal information’ as Australia and by using our website or by asking us to provide you with one of our products or services, you specifically consent to us sending your data out of Australia to countries located in the Americas, Asia or Europe and to the cloud.

9. Notifiable Matters

If you apply for a loan with us, we may provide your ‘credit information’ to a credit reporting body. The credit reporting body may provide the information that we report about you to other credit providers to assist them to assess your credit worthiness. We may also obtain information that other credit providers have provided to a credit reporting body to use in our assessments of your credit-worthiness.

If you fail to meet your payment obligations in relation to any loan that we have provided to you, or any loan that we have arranged for you, or if you commit a serious credit infringement, we may report this to a credit reporting body.

The information that we provide to a credit reporting body may sometimes be used for ‘pre-screening’ of direct marketing offers to be made by another credit provider. You may contact the credit reporting body to request that your ‘credit information’ is not used in this way.

If you think that you have been a victim of fraud or think that the ‘credit information’ a credit reporting body holds about you is incorrect, you may also contact the credit reporting body to ask them not to use or disclose your ‘credit information’. The credit reporting body must not use or disclose your ‘credit information’ for a period of 21 days after receiving your notice. For further information about credit reporting bodies, visit:

You can also contact us to access the ‘credit information’ that we hold about you and correct that information if you think that it is incorrect. See section 16 of this Policy for more information about this.

10. Will we use your ‘personal information’ to send you information about our products and services’? (Direct Marketing)

We may use your ‘personal information’ to send you information about our products, services and special offers, new products or services we are introducing or about changes to our organization. By providing us with your’ personal information’, you consent to us using your ‘personal information’ to contact you on an ongoing basis for this purpose, including by SMS, social media, email, telephone or mail.

If you do not want us to send you marketing information, you can contact our Privacy Officer on the details in section 16 of the Policy to ‘opt out’ of receiving this type of information. There is no charge if you elect to ‘opt out’ of receiving these types of updates and we will take all reasonable steps to ensure that you stop receiving them as soon as possible.

11. How can you access and correct the ‘personal information’ that we hold about you?

We want to ensure that your ‘personal information’ is always accurate, complete and up to date. Please help us to do this by contacting our Privacy Officer on the details in section 16 of this Policy if any of the personal details you have given us have changed or if you believe that the ‘personal information’ that we hold about you is inaccurate.

You can ask us to provide you with access to the ‘personal information’ that we hold about you at any time. We will get back to you as soon as possible, however, for your protection, we may need to verify your identity before we give you access to your ‘personal information’.

There are situations where we cannot give you to access to your ‘personal information’ or may refuse to correct your ‘personal information’. For example, in some situations it may be unlawful for us to do so. We will advise you of any such situations if they arise.

12. For how long will we hold your ‘personal information’?

We will only keep ‘personal information’ that we hold about you while we need it or while we are required by law to keep it. Once we no longer need your ‘personal information’, we will take all reasonable steps to destroy it or to de-identify it.

At any time we hold your ‘personal information’, we will only use and disclose as set out in this Policy.

13. Is the ‘personal information’ that we hold about you secure?

While we hold ‘personal information’, about you, we will take all reasonable precautions to protect it from misuse, interference, loss, unauthorised access, modification or disclosure.

However, although we endeavour to provide a secure online environment, there are inherent risks associated with the transmission of information via the internet and no data transmission over the internet can be guaranteed to be completely secure. We therefore cannot guarantee the security of any ‘personal information’ that you provide to us over the internet and you do so at your own risk.

We encourage you to help us to keep your ‘personal information’ secure by selecting a secure password and maintaining the confidentiality of that password. It is your responsibility to maintain confidentiality of your password and we will not be liable for any damage, loss or expense suffered because you have disclosed it or made it available to someone else.

14. What happens if you click on a link to a third party’s website that is contained on our website?

Our website may contain links to third party websites and social media features that are hosted by a third party. A link to another website does not mean that we sponsor, endorse or approve the information found on that website. We are not responsible for the privacy policies or practices of third party websites or social media features and you use of those websites and features are governed by the privacy policies and practices of the hosting entities.

15. Can you get a copy of this Policy in a different format?

If you would prefer to receive a copy of this Policy (including Section 9 about ‘Notifiable Matters’) in a different form (for example in hard copy or via email) please contact our Privacy Officer on the details in section 16 of this Policy. We will be pleased to comply with your request.

16. How can you contact us?

If you have any questions or complaints about this Policy or our treatment of your ‘personal information’, or if you would like to access or correct your ‘personal information’, please contact our Privacy Officer on:


Telephone: 13 95 00

We will respond to you promptly and will aim to resolve your query or complaint within 30 days. If you are still not satisfied following our response to you, you can contact:


For more information


Phone: 13 95 00 (Mon - Fri, 9.30am - 5.00pm AEST)


Bank of Sydney
Ltd GPO Box 4288
Sydney NSW 2001