Updated: 31st October 2018
|1.1||In handling your personal information, Maleny Credit Union (ABN 52 087 650 995) and its controlled entities (“MCU”/“credit union”/”we”/”us”) are committed to complying with the Australian Privacy Principles under the Privacy Act 1988 (cth) (“Privacy Act”). We are also bound by the Division of Part IIIA of the Privacy Act, which regulates the handling of credit information, credit eligibility information and related information by credit providers.|
|2.||KEY TYPES OF INFORMATION|
“Personal information” means information or an opinion about an individual who is identified, or who can reasonably be identified, from the information. Although we try to make sure that all information we hold is accurate, “personal information” also includes any inaccurate information about the individual.
“Credit eligibility information” means information that has been obtained from a credit reporting body, or that has been derived from that information, that is about an individual’s credit worthiness.
“Credit information” means personal information that includes the following:
“Credit-related information” means credit information, credit eligibility information and related information.
|3.||COLLECTING PERSONAL INFORMATION ABOUT YOU|
|3.1||MCU only holds personal information that is necessary to perform the normal functions of our products and services. Wherever possible, we will collect personal information (including credit information) directly from you.|
|3.2||This information will generally come from what you provide in your application for one of our products or services and supporting documentation. This in turn depends upon the type of product or service you request. It may include:
|3.3||The law also requires us to collect and hold personal information about you:
If you fail to provide this information, then the Credit Union may be unable to process your request for a product or service.
|3.4||We may also collect personal information (including credit-related information) about you from third parties, such as any referees that you provide, your employer, other credit providers and third-party service providers including credit reporting bodies.|
|3.5||Credit reporting bodies collect credit information about individuals which they provide as credit reports to credit providers and others in the credit industry to assist them in managing credit risk, collecting debts and other activities.|
|3.6||From 12 March 2014, you can also ask a credit reporting body, through contact details on their website, not to use or disclose your personal information if you believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud.|
|3.7||Some information is created through our internal processes, like credit eligibility scoring information.|
|4.||USING YOUR PERSONAL INFORMATION|
|4.1||MCU respects your privacy. We collect and hold personal information (including credit related information) about you for the purpose of providing products and services to you and managing our business. This may include:
|4.2||In addition, MCU may also use your personal information to provide you with information about other products and services offered or distributed by the credit union or a related company of the credit union. However, this will only be done with your consent. MCU does not use external identifiers to assist us in the management of personal information.|
|4.3||Under our Constitution, which Members have adopted and only they can agree to amend, we are required to provide you with certain information. This information includes notices of meetings, elections and any proposed changes to the Constitution.|
|4.4||We are also legally bound to provide certain documents such as statements. We include Member newsletters and other inserts with Members’ statements, because they contain important information relating to Members’ accounts and current services which Members would not otherwise receive.|
|4.5||In general, we do not use or disclose your personal information (including credit-related information) for a purpose other than:
|5.1||We may disclose your personal information (including credit-related information) to other organisations, for example:
|5.2||MCU contracts out some of our functions, as mentioned above, to external service providers. Your personal information may be disclosed to them so that they can provide the services that has been contracted out to them. We will take reasonable steps to ensure that these organisations are bound by sufficient confidentiality and privacy obligations with respect to the protection of your personal information.|
|5.3||We will not disclose your personal information overseas.|
|6.1||Where it is necessary to do so, we may collect personal information about you that is sensitive. Sensitive information includes information about an individual’s health, and membership of a professional or trade association.|
|6.2||Unless we are required or permitted by law to collect that information, we will obtain your consent. However, if the information relates directly to your ability to meet financial obligations that you owe to us, then you are treated as having consented to its collection.|
|7.||REFUSAL OF CREDIT APPLICATIONS|
|7.1||We may refuse an application for consumer credit made by you individually or with other applicants. Our refusal may be based on credit eligibility information obtained from a credit reporting body about either you, another applicant or another person proposed as guarantor. In that case, we will give you written notice that the application has been refused on the basis of that information. We will tell you the name and contact details of the relevant credit reporting body and other relevant information.|
|8.1||MCU stores your personal information with a strong emphasis on its security and the protection of your privacy. We take all reasonable steps to ensure that your personal information (including credit-related information), held electronically or otherwise, is protected from:
|8.2||We ask you to keep your passwords and personal identification numbers safe, in accordance with our terms and conditions.|
|8.3||When we no longer require your personal information (including when we are no longer required by law to keep records relating to you), we take reasonable steps to ensure that it is destroyed or de-identified.|
|9.||NOTIFIABLE DATA BREACHES|
|9.1||MCU has an ongoing obligation to take reasonable steps to handle personal information in accordance with AAP1 and 11 under the Privacy Amendment (Notifiable Data Breaches) Act 2017. This includes protecting personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.|
|9.2||If a suspected or known breach occurs MCU’s first priority is to contain the suspected or known breach. Therefore, we will take immediate steps to limit any further access or distribution of the affected personal information, or the possible compromise of other information.|
|9.3||An assessment will be performed to determine if the data breach is likely to result in serious harm to any of the individuals whose information was involved. Any required remedial action will be determined as part of this assessment process.|
|9.4||If there is reasonable grounds to believe that serious harm will result MCU will then prepare a statement for the Office of the Australian Information Commissioner, notify the individuals concerned and APRA.|
|9.5||If it is not practicable to notify the specific individuals concerned, then a statement will be published on the MCU website providing details of the notification and an explanation as to what we are doing to rectify the breach.|
|9.6||A review will be conducted of the incident and action taken to prevent future breaches.|
|10.1.1||Visiting our website
Anytime you access an unsecured part of our website, that is, a public page that does not require you to log on, we will collect information about your visit, such as:
This data is recorded via Google Analytics and thus stored on the internet. Neither personal data, nor any data entered into website forms are sent to/kept by Google.
Our website also includes a number of calculators and electronic forms, which may require you to enter your personal details. If you save the data you enter on the calculator or form, then this information will be stored on your local computer unless changed by the user.
When we receive emails, we will retain the content of the email and our response to you where we consider it necessary to do so.
Your email address will only be used or disclosed for the purpose for which it was provided. It will not be added to any mailing lists or used for any other purpose without your consent.
We use up-to-date security measures on our website to protect your personal information and your credit information. Any data containing personal, credit or related information which we transmit via the internet is encrypted. However, we cannot guarantee that any information transmitted via the internet by us, or yourself, is entirely secure. You use our website at your own risk.
|10.1.5||Links on our website
|11.||ACCESS TO YOUR PERSONAL INFORMATION|
|11.1||In most cases, you may gain access to personal information the credit union holds about you. MCU will handle requests for access to your personal information in accordance with the NPPs. All requests for access to your personal information will be handled by the Privacy Access Officer, who can be contacted by telephone or in writing at the telephone number and postal and email addresses set out in item 5 below.|
|11.2||You may request access to the personal information (including credit-related information) that we hold about you at any time.|
|11.3||We will respond to your request for access within a reasonable time. If we refuse to give you access to the personal information, then we will provide you with reasons for the refusal and the relevant provisions of the Privacy Act that we rely on to refuse access. You can contact our Privacy Officer if you would like to challenge our decision to refuse access.|
|11.4||There will be no charge for lodging a request for access to personal information. However, there may be a charge for providing access to the information to you. You will be advised at the time of your application for access, of the applicable fee. Please refer to our current Schedule of Fees Accounts and Access Facilities for the current fee for this service.|
|13.1||We may use your personal information, including your contact details, to provide you with information about products and services, including those of third parties, which we consider maybe of interest to you. We are permitted to do this while you are our customer, and even if you are on the Do Not Call Register.|
|13.2||We may also provide your details to other organisations for specific marketing purposes.|
|14.||QUESTIONS AND COMPLAINTS|
|14.1||To get more information about the way the credit union manages personal information held about you OR if you are concerned that the credit union may have breached your privacy and wish to make a complaint, please contact the telephone number, postal or email addresses set out below.|
|14.2||Once a complaint has been lodged, the Privacy Officer will respond to you as soon as possible. We will aim to deal with your complaint at the source of your complaint. If you are not satisfied with the response you receive, please let us know and our Member Services Team will investigate further and respond to you.|
|14.3||If you are still not satisfied, then you can contact external bodies that deal with privacy complaints. These are the AFCA scheme which is our external dispute resolution scheme, the Federal Privacy Commissioner or, in the case of insurance-related privacy complaints, the Australian Prudential Regulation Authority. Any of these bodies may forward your complaint to another external dispute resolution body if it considers the complaint would be better handled by that other body.|
|15.||CONTACTING US FOR FURTHER INFORMATION|
|15.1||Our Privacy Officer’s contact details are:|
© copyright exists in this document