Respecting your privacy and the law

The privacy of your personal information has always been important to us at the National Australia Bank Group ('Group'). We are committed to respecting your right to privacy and protecting your personal information. We are bound by the National Privacy Principles in the Privacy Act 1988 (Commonwealth) and any relevant Health Privacy Principles under State legislation 1, as well as other applicable laws and codes affecting your personal information. Our staff are trained to respect your privacy in accordance with our standards, policies and procedures.

The Group is the National Australia Bank Limited and its subsidiaries such as MLC Ltd. It includes all our banking, financing, funds management, financial planning, superannuation, insurance, broking and e-commerce organisations.

1 For example, those contained in the Health Records Act 2001 (Vic), Health Records and Information Privacy Act 2002 (NSW) or the privacy provisions contained in Part 2 of the Health Records (Privacy and Access) Act 1997 (ACT).

About this Privacy Policy

This Privacy Policy outlines how we manage your personal information. It also describes generally the sorts of personal information held and for what purposes, and how that information is collected, held, used and disclosed.

Our Privacy Policy applies to all your dealings with us whether at one of our branches, through our call centres, via our websites or an advisor. However, depending on the Group organisation with which you deal, further privacy information may apply in addition to the matters discussed in this Privacy Policy (see, for example, Our Websites below).

We encourage you to check our websites regularly for any updates to our Privacy Policy.

Collecting your personal information

If you are acquiring or have acquired a product or service from a Group organisation, it will collect and hold your personal information for the purposes of:

Group organisations may also collect your personal information for the purpose of letting you know about products or services from across the Group that might better serve your financial, e-commerce and lifestyle needs or promotions or other opportunities in which you may be interested.

The information collected may include your name, postal or email address, date of birth, financial details, tax file number, health information or other information the organisation considers necessary.

We will, if it is reasonable or practicable to do so, collect your personal information from you. This may happen when you fill out a product or service application or an administrative form (eg a change of address form) or when you give us personal information over the telephone or counter, or through a Group organisation's website.

In certain cases we collect your personal information from third parties. For example, we may need to collect personal information from a credit reporting agency, your representative (such as a legal adviser), your financial adviser, your employer or publicly available sources of information or any of the other organisations identified below under "Using and Disclosing Your Personal Information".

Using and disclosing your personal information

In line with modern business practices common to many financial institutions and to meet your specific needs (such as where you have a financial adviser) we may disclose your personal information to the organisations described below. Where your personal information is disclosed we will seek to ensure that the information is held, used or disclosed consistently with the National Privacy Principles, any relevant Health Privacy Principles under State legislation and other applicable privacy laws and codes.

The relevant organisations are those

In addition, for Group organisations offering

Your personal information may also be used in connection with such purposes.

Because we operate throughout Australia and overseas, some of these uses and disclosures may occur outside your State or Territory and/or outside of Australia. In some circumstances we may need to obtain your consent before this occurs.

Marketing our products and services

We may use or disclose your personal information to let you know about, and develop, products and services from across the Group that might better serve your financial, e-commerce and lifestyle needs or promotions or other opportunities in which you may be interested. For example, we may do this after an initial marketing contact. You can contact us at any time if you no longer wish us to do so (see Contacting us below).

Keeping your personal information accurate and up-to-date

We aim to make sure that the personal information we collect, use or disclose is accurate, complete and up-to-date. We will take reasonable steps to make sure this is the case. This way we can provide you with better service.

If you believe your personal information is not accurate, complete or up to date, please contact us (see Contacting us below).

Protecting your personal information

We store information in different ways, including in paper and electronic form. The security of your personal information is important to us and we take reasonable steps to protect it from misuse and loss and unauthorised access, modification or disclosure. Some of the ways we do this are:

Your privacy on the Internet

Our Websites

We take care to ensure that the personal information you give us on our websites is protected. For example, our websites have electronic security systems in place, including the use of firewalls and data encryption. Depending on the Group organisation with which you deal, user identifiers, passwords or other access codes may also be used to control access to your personal information. Please refer to the website of those Group organisations with which you transact electronically for more information on our website specific privacy and security procedures.

Links to Other Sites

You may be able to access external websites by clicking on links we have provided. Those other websites are not subject to our privacy standards, policies and procedures. You will need to contact or review those websites directly to ascertain their privacy standards, policies and procedures.

Gaining access to your personal information

You can gain access to your personal information. This is subject to some exceptions allowed by law. Factors affecting a right to access include:

We will give you reasons if we deny access.

Contact us to get a form requesting access (see Contacting Us below). In some cases we may be able to deal with your request over the telephone or over a counter.

Using Government Identifiers

Although in certain circumstances we are required to collect government identifiers such as your tax file number, Medicare number or pension card number, we do not use or disclose this information other than when required or authorised by law or unless you have voluntarily consented to disclose this information to any third party.

Dealing with us anonymously

You can deal with us anonymously where it is lawful and practicable to do so. For example, if you inquire about our home loan interest rates you do not need to provide your personal details.

Your sensitive information

Without your consent we will not collect information about you that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, membership of a professional or trade association, membership of a trade union, details of health, disability, sexual orientation, or criminal record.

This is subject to some exceptions including:

Resolving your privacy issues

If you have any issues you wish to raise with the Group, or would like to discuss any issues about our Privacy Policy, then you are able to do so a number of ways:

Unsubmitted on-line applications.

If I start but do not submit an on-line application, the Bank may contact me/us using the contact method I/we nominate in the application to offer help completing it. This may happen within 24 hours after I/we last enter information into the application. If I/we do not submit the on-line application, the information in it will be kept for 28 days then destroyed.

Contacting Us

For more information about our Privacy Policy, please call 13 22 65 and select the option to speak to a Customer Service Representative.

Download a copy of the request for access – personal information form (PDF, 229K) .

Hearing impaired customers with telephone typewriters can contact us on 13 36 77

For more information about privacy in general, you can visit the Federal Privacy Commissioner's website

Download a copy of NAB’s Privacy Policy (PDF, 68K)


When you use our mobile application to access NAB Flik, similar security measures are used that apply to the classic view of NAB Internet Banking. The main difference is that payments made above the SMS Security threshold limit in Internet Banking do not need a security SMS code. However, the daily limit to transact using NAB Flik is $1000. This may change from time to time to improve customer security and provide greater convenience.

Find out how you're protected against fraud by NAB Defence; go to

Remember not to store your NAB ID, password or 4 digit passcode in your mobile. This makes your account vulnerable if someone else gets access to your phone.

It's also a good idea to regularly clear your phone browser's cache, as it might store copies of web pages that contain your banking information. If you're unsure, refer to your mobile phone's instructions

NAB Flik on your mobile is protected with 128-bit encryption.

Lastly, remember to always log out of NAB Flik once you've finished.