Privacy policy

How we protect your privacy

Hume Bank Limited (ACN 051 868 556) (’we’, ’us’, ’our’) is subject to the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles and Part IIIA of the Privacy Act, which regulates the handling of credit information, credit eligibility information and related information by credit providers, and by the Privacy (Credit Reporting) Code.

This Privacy Policy outlines how we deal with your personal information (including credit-related information), as well as our legal obligations and rights in relation to that information. If we agree with you to use or disclose any of your personal information in ways which differ to those stated in this Privacy Policy, the provisions of that agreement will prevail to the extent of any inconsistency.

We may make changes to this Privacy Policy from time to time that are necessary for our business requirements or the law and notify you by updating the policy on our website.

On this page, you will find answers to the following privacy-related questions:

  • What personal information do we collect?
  • How do we use your personal information?
  • Who do we share your personal information with?
  • How do we protect your personal information?
  • How can you access, update and correct your information?
  • What should you do if you have questions or complaints about our privacy?
  • How can you get in contact with us?

A bit of background

Hume Bank Limited (ACN 051 868 556) (“we”, “us”, “our”) understands your privacy is important to you and we value your trust. We will only ask you for information that we need to offer you our products and services.

When handling your personal information, we are bound by the Australian Privacy Principles in the Privacy Act 1988 (Cth) (“Privacy Act”). We are also bound by the Division 3 of Part IIIA of the Privacy Act and the Privacy (Credit Reporting) Code, which regulates the handling of credit information, credit eligibility information and related information by credit providers.

This Privacy Policy outlines how we deal with your personal information (including credit-related information), as well as our legal obligations and your rights in relation to that information. If you are located in the European Union (“EU”), you may also have rights under the General Data Protection Regulation (“GDPR”).

If we agree with you to use or disclose any of your personal information in ways which are different to those stated in this Privacy Policy, the provisions of that agreement will prevail to the extent of any inconsistency.

What personal information do we collect?

Personal information is information or an opinion about you that may identify you or by which your identity may reasonably be determined. We collect personal information about you when you contact us, use our products or services, visit our website (see our website terms of use) and use our iBank or Hume Bank’s App. Where possible, we will collect personal information directly from you. We may also collect personal information about you from third parties, including any referees you provide, your employer, other financial institutions and credit reporting bodies (we currently use Equifax Pty Ltd).

At the time we collect personal information about you (or as soon as possible after), we will ensure we notify you about our Privacy Policy.

The types of personal information we may collect includes:

  • Your name, contact details, date of birth, tax file number, gender, marital status, financial and transaction information (e.g. income, savings, lending history, expenses).
  • If you visit our website, login to iBank or Hume Bank’s App– the time and date of your visit, any information you download, your browser type and IP address.
  • Sensitive information, including race or ethnic origin, health, and criminal information. Unless we are required or permitted by law to collect your sensitive information, we will ask for your consent.
  • Credit eligibility information, which is information that has been obtained from a credit reporting body about your credit worthiness. The information we might collect about you includes a credit assessment, an unsuitability assessment and a credit score.
  • Credit information, including the types and amount of credit you have previously applied for with any institution, the types and amount of credit you have, repayment history, default information, court proceedings and judgments against you, personal insolvency information and publicly available information about your creditworthiness.
  • Information we record about your relationship with us, including your interactions with us, your PayID, the products you hold and the services we provide to you.

Our website may contain links to third party websites. Our Privacy Policy does not apply to external websites. If you want to find out about how any third parties handle your personal information you will need to obtain a copy of their privacy policy.

Credit reporting bodies collect credit information about individuals which they provide as credit reports to credit providers, such as Hume Bank, to assist them assess an individual’s credit worthiness and in managing credit risk, collecting debts and other activities. You can ask a credit reporting body, through contact details on their website, not to use or disclose your personal information if:

  • You believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud
  • You do not consent for your credit information to be used for pre-screening activities for direct marketing purposes

How do we use your personal information?

We use your personal information to provide products and services to you. You do not have to provide us with your personal information if you do not want to, but this may mean we are unable to provide you with some of our products and services. If you do not provide us with your tax file number, we may be required to withhold amounts from your account and send them to the Australian Taxation Office.

We will only use your personal information for the purpose for which you have given your valid or explicit consent for, which we will ensure we have obtained before we process your information.

We collect, use, process and exchange your personal information so we can:

  • Confirm your identity
  • Assess and process your application for a product or service
  • Assist you with any enquiries or concerns
  • Act on your instructions – for example, payment instructions
  • Design, manage, price and provide our products and services
  • Manage our relationship with you – for example, send you account statements, charge or bill you, or contact you to tell you something important
  • Collect overdue payments due under our credit products
  • Improve our service to you and your experience in dealing with us
  • Minimise risks and identify fraud and other illegal activities
  • Comply with laws such as the Anti Money Laundering and Counter-Terrorism Financing Act 2006 and the National Consumer Credit Protection Act 2009
  • Assist government and law enforcement agencies

We may also collect, use, process and exchange your information for other reasons where the law allows us or requires us to.

We may use your personal information to tell you about products and services, including those offered by third parties, that we think you might be interested in. To do this, we may contact you by:

  • SMS
  • Phone
  • Email
  • Mail
  • Social media
  • iBank
  • Hume Bank’s App

We may also provide your details to other organisations for specific marketing purposes.

If you do not want to receive direct marketing messages or want to change your contact preferences, logon to iBank and select ‘additional services’, then ‘personal details’. You can also contact us on 1300 004 863 or drop into one of our branches.

Who do we share your personal information with?

We may disclose your personal information (including credit related information) to third parties for the reasons set out in section 3. These third parties can include:

  • Service providers – for example, mortgage insurers, organisations we use to verify your identity, payment systems operators, mailing houses, debt collection agencies, statement production providers and research consultants
  • Our product and referral partners – for example Allianz Australia Insurance Limited and Bridges Financial Services Pty Ltd
  • Brokers, agents, advisers and people who act on your behalf – such as your parent (if you are under 16), guardian, or a person with a Power of Attorney
  • Guarantors and other security providers
  • Current or previous employers – usually to confirm your employment
  • Auditors, insurers and reinsurers
  • Organisations involved in our funding arrangements, like loan purchasers and their professional advisers;
  • Other banks and financial institutions – for example, if we need to process a claim for a mistaken payment or prevent fraud
  • Bank feed providers that retrieve your transaction data or statements from other financial institutions and send them to us; we only collect information from bank feed providers where you have authorised the bank feed provider to send it to us
  • Government and law enforcement agencies or regulators
  • Credit reporting bodies (we currently use Equifax Pty Ltd) and credit providers
  • Courts, tribunals and dispute resolution bodies (such as the Australian Financial Complaints Authority)
  • Organisations that help identify illegal activities and prevent fraud

You may also request Hume Bank to share your personal information with an accredited third party by providing your consent through the Consumer Data Right Regime. For more information please refer to our Consumer Data Right Policy on our website.

Sending information overseas

As our operations are only in Australia, we typically would not send your personal information overseas unless:

  • It is to complete a transaction, such as an international money transfer
  • Comply with laws, and assist government or law enforcement agencies

If we do need to send your personal information overseas, we will do so on the basis that:

  • The information will be used only for the purposes set out in this Privacy Policy
  • Our approach for disclosing this information is consistent with the requirements outlined in the Australian Privacy Principles, or where applicable, the GDPR
  • We are permitted by Australian law or, where applicable, the GDPR

How do we protect your personal information?

The security of your personal information is important to us. Some of the ways we protect your information include:

  • Secure handling and storage: We store your hard-copy and electronic records in secure buildings and systems. We also make sure our third party service providers have arrangements in place to protect your information.
  • Staff training: We train our staff in how to keep your information safe and secure.

  • System security: We use up to date security measures on our website. Any data containing personal information which we transmit via the internet is encrypted. We have firewalls, intrusion detection, virus scanning tools and password protection to stop viruses and unauthorised people accessing our systems./li>
  • Building security: We have a number of controls to prevent unauthorised access including cameras and alarms.

We aim to keep your information for as only as long as we need it. We are required to keep your information for 7 years from the closure of accounts. We may also need to retain certain personal information after we cease providing you with products or services to enforce our terms, for fraud prevention, to identify, issue or resolve legal claims or for proper record keeping. When we no longer need your personal information, we will take reasonable steps to ensure it is destroyed or de-identified.

While we take all reasonable measures, no data transmission over the internet can be entirely secure. To assist us, we expect you to take appropriate steps to ensure the security of your personal information including keeping access to your passwords confidential, destroying any documentation we send to you containing your access passwords and logging out properly when you leave your computer.

How can you access, update & correct your information?

If you would like to access, update or request a correction to your personal information you can do so by using any of the methods under “How to contact us”.

Requests to access personal information are referred to our Privacy Officer. Before we can provide you with access to your information we may require you to establish your identity and you will need to complete a Request for Access form. We will respond to your request for access within a reasonable time. In some cases, we can refuse access or only give you access to certain information. If we do this, we will provide you with reasons for the refusal.

There is no fee to ask for your information, but we might charge an access fee to cover our costs. If there is a fee, we will let you know how much it is likely to be so you can decide if you want to proceed with your request.

It is important that we have your correct details, such as your current home and email address. If you believe any information we hold about you is incorrect, incomplete or not current, you can request that we correct your details. We will respond to your request within a reasonable time. If the information was given to us by a credit reporting body, we may need to check with them or the relevant credit provider before we can change it. If we do not think the information needs correcting, we can refuse to correct the information. If we do this, we will provide you with reasons for the refusal.

Additional rights for EU residents

You have the right to ask us to delete your personal information if we no longer need it. There may be legal or other reasons why we can’t erase your personal information. If we refuse your request, we will provide you with reasons for the refusal.

In certain circumstances, you can also:

  • Object to, or ask us to restrict our use of your personal information
  • Ask us to provide you with a copy of your personal information in a format that can be easily reused

What should you do if you have questions or complaints about our privacy?

If you have any questions, concerns or complaints about the handling of your personal information you can tell us by using any of the methods under “How to contact us”.

Complaints about your privacy are handled in accordance with our internal dispute resolution process, which can be found on our website humebank.com.au

We will respond to your complaint as soon as possible and try to resolve it within 21 days.

If you are not satisfied with the outcome of your complaint, you can contact the Australian Financial Complaints Authority, which is an independent dispute resolution scheme that can consider most complaints involving financial services. Its services are free of charge.

You can also contact the Office of the Australian Information Commissioner if your complaint is about how we handle your personal information. If you’re in the EU, there are data protection authorities that may be able to deal with your complaint, depending on which country you’re in. Details can be found on the European Commission’s website ec.europa.eu

Australian Financial Complaints Authority
Phone: 1800 931 678
Mail: GPO Box 3, Melbourne, VIC 3001
Website: afca.org.au

Office of the Australian Information Commissioner
Phone: 1300 363 992
Mail: GPO Box 5218, Sydney NSW 2001
Website: oaic.gov.au

How can you get in contact with us?

To update your details, including your preferences about how we contact you or ask not to receive direct marketing:

If you use iBank

  • ​Login to iBank via our website humebank.com.au, click ’My Options’ and select either Address Details or Contact Details once entering your OTP.

​​If you don’t use iBank

To ask a question, request access to your personal information, make a correction or get a printed version of this policy:

To make a complaint about the handling of your personal information

If you are an EU resident and have an enquiry relating to your rights under the GDPR: