Respecting your Privacy
National Australia Bank Limited which has its UK branch (number BR001924) at 88 Wood Street, London EC2V 7QQ (‘NAB’, ‘we’ or ‘us’) provides banking services to businesses. This Data Protection Notice tells you how we collect, use, store and share personal information when we provide these services.
This Data Protection Notice is aimed at individuals who interact with us on behalf of our business clients (‘you’ or ‘your’). We respect your personal information, and take appropriate measures to ensure NAB can engage securely with and for our clients and you.
What personal information do we collect and hold?
The types of information that we collect and hold about you could include:
- ID information such as your name, postal or email address, telephone numbers, and date of birth;
- professional information such as your job title and work experience;
- information which we might need to conduct ‘know your client’ checks such as details relating to your passport and credit history;
- information which arises or is required in connection with the transactions you do with us or through us; and
- other information you may provide to us in the course of your dealings with us.
What sensitive information do we collect?
In limited circumstances, we need to collect special category information about you. Our money laundering, sanctions, financial crime and fraud prevention checks may result in us obtaining information about actual or alleged criminal convictions and offences.
How do we collect your personal information?
How we collect and hold your information
There are many ways we seek information from you. We might collect your information when you contact us by email, telephone or letter. Sometimes we collect information about you from other sources, including where information about you is publicly available (for example from public registers) or made available by third parties. For instance, we do this where:
- your employer and its employees have given us your contact details;
- we need to verify your details;
- we need information for fraud or crime prevention purposes;
- you have explicitly consented to third parties sharing it with us; or
- we exchange information with your legal advisers or other representatives.
Under Money Laundering Regulations, NAB is required to ‘know its clients’. This requires us to ensure that the personal information for all of our clients is correct. We may do this by combining the information that we hold with information collected from or held by external sources.
In addition, we may monitor, measure, analyse and record all telephone and electronic communications with you.
What if you don’t want to provide us with your personal information?
If you don’t provide your personal information to us, we may not be able to:
- communicate with you;
- provide you or your business with our full services; or
- verify your identity or protect against fraud.
How do we take care of your personal information?
We store information in different ways, including in paper and electronic form. The security of your personal information is important to us and we take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. Some of the ways we do this are:
- confidentiality requirements and privacy training of our employees;
- document storage security policies;
- security measures to control access to our systems and premises;
- only giving access to personal information to a person who is verified to be able to receive that information;
- ensuring third parties meet our privacy obligations; and
- electronic security systems, such as firewalls and data encryption on our websites.
We can store personal information physically or electronically with third party data storage providers. Where we do this, we use contractual arrangements to ensure those providers take appropriate measures to protect that information and restrict the uses to which they can put that information.
What happens when we no longer need your information?
We’ll only keep your information for as long as we require it for our purposes. We’re also required to keep some of your information for certain periods of time under law. When we no longer require your information, we’ll ensure that your information is destroyed or de-identified.
How we use your personal information
What are the main reasons we collect, hold and use your information?
We may process information about you for the purposes of the following legitimate interests:
- providing products and services requested by you;
- performing administrative and operational tasks within our business;
- identifying you or verifying your authority to act on behalf of a client;
- performing credit reference checks;
- preventing or investigating any fraud or crime, or any suspected fraud or crime;
- marketing financial products provided by us;
- to establish, exercise or defend our legal rights,
or for compliance with a legal obligation or the request of a regulatory body.
We may process sensitive information about you to comply with law or for the prevention, investigation and detection of criminal acts, terrorist financing, fraud and money laundering (or for the purposes of any related prosecution).
Can we use your information for marketing our products and services?
We may use or disclose your personal information to let you know about products and services that we believe may be of interest to your business, including products and services from our related companies or from those we distribute products on their behalf. We will not do this if you tell us not to.
Such marketing activities may be via email, telephone, mail, or any other electronic means. You can let us know at any time if you wish to be removed from our marketing mailing lists or change your marketing preferences (see ‘Contact Us’). We will process your request as soon as practicable.
Who do we share your personal information with?
For the purposes described in ‘How we use your personal information’, we sometimes need to share your personal information with others. We may share your information with other organisations for any purposes for which we use your information.
Sharing with the NAB Group
We may share your personal information with other offices within NAB and related companies, including subsidiaries (‘NAB Group’). This could depend on the transaction your business does with us and the NAB Group member you are dealing with but will not differ from those purposes outlined above. Where appropriate we integrate the information we hold across the NAB Group to provide us with a complete understanding of the transaction and the needs of your business.
Sharing with third parties
We may disclose your personal information to third parties outside of the Group, including:
- those involved in providing, managing or administering the service;
- credit reporting bodies or other approved third parties who are authorised to assess the validity of identification information;
- fraud reporting agencies (including organisations that assist with fraud investigations and organisations established to identify, investigate and/or prevent any fraud, suspected fraud, crime, suspected crime, or misconduct of a serious nature);
- service providers that maintain, review and develop our business systems, procedures and technology infrastructure, including testing or upgrading our computer systems;
- our joint venture partners that conduct business with us;
- organisations involved in a corporate re-organisation or transfer of NAB Group assets or business;
- organisations that assist with our product planning, analytics, research and development;
- other organisations involved in our normal business practices, including our agents and contractors, as well as our accountants, auditors or lawyers and other external advisers;
- government or regulatory bodies as required or authorised by law (in some instances these bodies may share it with relevant foreign authorities); and
- where you’ve given your consent or at your request, including to your representatives, or advisors.
Sharing outside of the EEA
We are part of the NAB Group, which means that we deal with many international organisations and use global information systems, including in Australia where NAB is headquartered. As a result, we may need to share some of your information with organisations outside of the European Economic Area, which have lower standards of data protection than in your home jurisdiction. Where we do so, we will take steps to ensure that the transfer is subject to appropriate safeguards in accordance with data protection laws. Often, these safeguards include contractual safeguards. You can view a list of the countries in which those overseas organisations are located (in addition to Australia) at www.nab.com.au/privacy/overseas-countries-list/.
We may store your information in cloud or other types of networked or electronic systems. As electronic or networked systems can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held. If your information is stored in this way, disclosures may occur in countries other than those listed.
What rights do you have under data protection laws?
Data protection laws provide you with various rights. In particular, in the UK you have a right to:
- request a copy of the information we hold about you;
- ask that we update the information we hold for you, or correct information you think is incorrect of incomplete;
- ask that we restrict processing your information;
- ask that we delete the information we hold about you;
- object to use of the information we hold about you, including being removed from marketing mailing lists; and
- withdraw consent to our processing of your information (to the extent such processing is based on consent) or otherwise object to our processing of your information.
If you wish to exercise any of the rights listed above, you can tell us. See ‘Contact Us’.
These rights are not absolute: they don’t always apply. If we don’t comply with your request, we will explain why.
How do you access your personal information?
You can ask us to access your personal information that we hold by sending us a request. In some cases we may be able to deal with your request over the phone.
If we can’t give you access, we will tell you why in writing. If you have concerns, you can complain. See ‘Contact Us’.
Changes to this Data Protection Notice
This Data Protection Notice may change from time to time. Please visit our website regularly as we will let you know of any changes to this Data Protection Notice by posting a notification on our website. In addition, over the course of our relationship with you, we may tell you more about how we handle your information. This could be when you complete an application or form, or receive important disclosure documents from us, such as terms and conditions or a product disclosure statement. We recommend that you review these statements too as they may have more specific detail for your particular product holdings.
How do you make a complaint?
If you have a complaint about how we handle your personal information, we want to hear from you. You are always welcome to contact us (see ‘Contact Us’). We are committed to resolving your complaint and doing the right thing.
If you still feel your issue hasn't been resolved to your satisfaction, then you can escalate your privacy concern to the Information Commissioner. Her website is available at http://ico.org.uk.
We care about what you think. Please contact us if you have any questions or comments about our privacy policies and procedures. We welcome your feedback.
You can contact us by getting in touch with your usual NAB contact or at firstname.lastname@example.org