Respecting your privacy and the law
The privacy of your personal information has always been important to us at the National Australia Bank Group ('Group'). We are committed to respecting your right to privacy and protecting your personal information. We are bound by the National Privacy Principles in the Privacy Act 1988 (Commonwealth) and any relevant Health Privacy Principles under State legislation 1, as well as other applicable laws and codes affecting your personal information. Our staff are trained to respect your privacy in accordance with our standards, policies and procedures.
The Group is the National Australia Bank Limited and its subsidiaries such as MLC Ltd. It includes all our banking, financing, funds management, financial planning, superannuation, insurance, broking and e-commerce organisations.
1 For example, those contained in the Health Records Act 2001 (Vic), Health Records and Information Privacy Act 2002 (NSW) or the privacy provisions contained in Part 2 of the Health Records (Privacy and Access) Act 1997 (ACT).
Collecting your personal information
If you are acquiring or have acquired a product or service from a Group organisation, it will collect and hold your personal information for the purposes of:
- providing you with the relevant product or service (including assessing your application and identifying you)
- managing and administering the product or service
- protecting against fraud where it is a banking and finance, or insurance, product or service.
Group organisations may also collect your personal information for the purpose of letting you know about products or services from across the Group that might better serve your financial, e-commerce and lifestyle needs or promotions or other opportunities in which you may be interested.
The information collected may include your name, postal or email address, date of birth, financial details, tax file number, health information or other information the organisation considers necessary.
We will, if it is reasonable or practicable to do so, collect your personal information from you. This may happen when you fill out a product or service application or an administrative form (eg a change of address form) or when you give us personal information over the telephone or counter, or through a Group organisation's website.
In certain cases we collect your personal information from third parties. For example, we may need to collect personal information from a credit reporting agency, your representative (such as a legal adviser), your financial adviser, your employer or publicly available sources of information or any of the other organisations identified below under "Using and Disclosing Your Personal Information".
Using and disclosing your personal information
In line with modern business practices common to many financial institutions and to meet your specific needs (such as where you have a financial adviser) we may disclose your personal information to the organisations described below. Where your personal information is disclosed we will seek to ensure that the information is held, used or disclosed consistently with the National Privacy Principles, any relevant Health Privacy Principles under State legislation and other applicable privacy laws and codes.
The relevant organisations are those
- involved in providing, managing or administering your product or service such as third party suppliers, other Group organisations, loyalty and affinity program partners, printers, posting services, call centres, lenders and mortgage insurers and our advisers
- which are Group organisations who wish to tell you about their products or services that might better serve your financial, e-commerce and lifestyle needs or promotions or other opportunities, and their related service providers, except where you tell us not to
- who are your financial advisers and their service providers
- involved in maintaining, reviewing and developing our business systems, procedures and infrastructure including testing or upgrading our computer systems
- involved in a corporate re-organisation
- involved in a transfer of all or part of the assets or business of a Group organisation
- involved in the payments system including financial institutions, merchants and payment organisations
- involved in product planning and development
- which are your representatives including your legal advisers
- as required or authorised by law, for example, to government or regulatory bodies for purposes related to public health or safety, the prevention or detection of unlawful activities or to protect public revenue
- where you have given your consent.
In addition, for Group organisations offering
- banking and finance products or services- other organisations to which personal information is usually disclosed are card producers, card schemes, credit and fraud reporting agencies, debt collection agencies, mortgage insurance companies, your guarantors, organisations involved in valuing, surveying, or registering a security property or which otherwise have an interest in such property, purchasers of debt portfolios, underwriters, re-insurers and other organisations involved in our normal business practices (such as securitisation)
- financial planning or broking services or personal investment products - other organisations to which personal information is usually disclosed are superannuation and managed funds organisations and their advisers, organisations in which you invest and other organisations involved in our normal business practices (such as securitisation)
- trustee or custodial services - other organisations to which personal information is usually disclosed are superannuation and managed funds organisations and their advisers and other organisations involved in our normal business practices
- life insurance products or general insurance products - other organisations to which personal information is usually disclosed are medical professionals, medical facilities, health authorities, assessors, underwriters, reinsurers and fraud detection agencies and other organisations involved in our normal business practices.
Your personal information may also be used in connection with such purposes.
Because we operate throughout Australia and overseas, some of these uses and disclosures may occur outside your State or Territory and/or outside of Australia. In some circumstances we may need to obtain your consent before this occurs.
Marketing our products and services
We may use or disclose your personal information to let you know about, and develop, products and services from across the Group that might better serve your financial, e-commerce and lifestyle needs or promotions or other opportunities in which you may be interested. For example, we may do this after an initial marketing contact. You can contact us at any time if you no longer wish us to do so (see Contacting us below).
Keeping your personal information accurate and up-to-date
We aim to make sure that the personal information we collect, use or disclose is accurate, complete and up-to-date. We will take reasonable steps to make sure this is the case. This way we can provide you with better service.
If you believe your personal information is not accurate, complete or up to date, please contact us (see Contacting us below).
Protecting your personal information
We store information in different ways, including in paper and electronic form. The security of your personal information is important to us and we take reasonable steps to protect it from misuse and loss and unauthorised access, modification or disclosure. Some of the ways we do this are:
- confidentiality requirements for our employees
- document storage security policies
- security measures for systems access
- providing a discreet environment for confidential discussions
- only allowing access to personal information where the individual seeking access has satisfied our identification requirements
- access control for our buildings
- the security measures described below under Our Websites.
Your privacy on the Internet
We take care to ensure that the personal information you give us on our websites is protected. For example, our websites have electronic security systems in place, including the use of firewalls and data encryption. Depending on the Group organisation with which you deal, user identifiers, passwords or other access codes may also be used to control access to your personal information. Please refer to the website of those Group organisations with which you transact electronically for more information on our website specific privacy and security procedures.
Links to Other Sites
You may be able to access external websites by clicking on links we have provided. Those other websites are not subject to our privacy standards, policies and procedures. You will need to contact or review those websites directly to ascertain their privacy standards, policies and procedures.
Gaining access to your personal information
You can gain access to your personal information. This is subject to some exceptions allowed by law. Factors affecting a right to access include:
- access would pose a serious threat to the life or health of any individual
- access would have an unreasonable impact on the privacy of others
- a frivolous or vexatious request
- the information relates to a commercially sensitive decision making process
- access would be unlawful
- access would prejudice enforcement activities relating to criminal activities and other breaches of law, public revenue, a security function or negotiations with you
- legal dispute resolution proceedings
- where a third party has given us health information about you in confidence
- denying access is required or authorised by or under law
We will give you reasons if we deny access.
Contact us to get a form requesting access (see Contacting Us below). In some cases we may be able to deal with your request over the telephone or over a counter.
Using Government Identifiers
Although in certain circumstances we are required to collect government identifiers such as your tax file number, Medicare number or pension card number, we do not use or disclose this information other than when required or authorised by law or unless you have voluntarily consented to disclose this information to any third party.
Dealing with us anonymously
You can deal with us anonymously where it is lawful and practicable to do so. For example, if you inquire about our home loan interest rates you do not need to provide your personal details.
Your sensitive information
Without your consent we will not collect information about you that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, membership of a professional or trade association, membership of a trade union, details of health, disability, sexual orientation, or criminal record.
This is subject to some exceptions including:
- the collection is required by law
- when the information is necessary for the establishment, exercise or defence of a legal claim.
Resolving your privacy issues
- You are always welcome to speak directly to our staff and they will do their best to resolve your issue. If investigation is required we will keep you advised of progress. If staff are unable to resolve the matter, it will be escalated as appropriate to facilitate resolution.
- You call our freecall Feedback Line on 1800 152 015 any time between 8am and 8pm Monday to Friday EST.
- You can email your issue on email@example.com.
- You can fill out a 'Resolving Problems' form outlining your issue that will then be forwarded to our customer satisfaction teams. You can obtain one of these forms from any of our branches or ask for one to be sent to you (see "Contacting Us" below).
Unsubmitted on-line applications.
If I start but do not submit an on-line application, the Bank may contact me/us using the contact method I/we nominate in the application to offer help completing it. This may happen within 24 hours after I/we last enter information into the application. If I/we do not submit the on-line application, the information in it will be kept for 28 days then destroyed.
Download a copy of the request for access – personal information form (PDF, 229K) .
Hearing impaired customers with telephone typewriters can contact us on 13 36 77
For more information about privacy in general, you can visit the Federal Privacy Commissioner's website
When you use our mobile application to access NAB Flik, similar security measures are used that apply to the classic view of NAB Internet Banking. The main difference is that payments made above the SMS Security threshold limit in Internet Banking do not need a security SMS code. However, the daily limit to transact using NAB Flik is $1000. This may change from time to time to improve customer security and provide greater convenience.
Find out how you're protected against fraud by NAB Defence; go to nab.com.au/nabdefence.
Remember not to store your NAB ID, password or 4 digit passcode in your mobile. This makes your account vulnerable if someone else gets access to your phone.
It's also a good idea to regularly clear your phone browser's cache, as it might store copies of web pages that contain your banking information. If you're unsure, refer to your mobile phone's instructions
NAB Flik on your mobile is protected with 128-bit encryption.
Lastly, remember to always log out of NAB Flik once you've finished.