This policy outlines how Judo Bank Pty Ltd and its related bodies corporate (Judo, we, us or our) seek to manage personal information about individuals, including Judo’s customers and prospective customers.
We are subject to a number of requirements to protect the privacy, confidentiality and security of personal information, including the Privacy Act 1988 (Cth) (the Privacy Act), the Australian Privacy Principles set out in the Privacy Act and the Privacy (Credit Reporting) Code 2014 (the CR Code) as applicable, and we take those obligations seriously.
2. What types of personal information do we collect?
Below we summarise some of the main types of personal information that we collect, both generally and for particular kinds of individuals we deal with. In addition to these types of personal information, we may collect other personal information as permitted or required by law.
- contact details, e.g. address, email address, telephone number;
- occupation, organisation and position;
- activity information, e.g. enquiries, complaints and other information about your interactions, dealings and communications with us or relating to our business, including any contact by telephone, email or online and activity at our websites and physical sites; and
- details of interests, preferences and opinions relevant to our business and operations.
2.2 Customers and prospective customers
The types of personal information that Judo also collects about such people (and about employees and officers of customers and prospective customers and other individuals who act or propose to act as guarantors for customers) may include:
identification details, e.g. date of birth, gender, tax file number, driver’s licence, passport, birth certificate, Medicare details, utility bills, prior addresses;
payment and account details, e.g. bank account details, internet banking log-in details;
transaction and account balance information;
health information, e.g. where relevant to a hardship application, workplace safety or payroll matters; and
where we are providing or offering credit, the following types of personal information (“credit-related personal information”), including in relation to your arrangements with other credit providers, and historical information:
- identification information, e.g. name, date of birth, sex, address, employer, driver’s licence;
- the type and amount of credit sought in a credit application made by you or by a person for whom you are, or propose to be, a guarantor, and the names of relevant credit providers to whom an application was made;
- details of your credit providers, including the nature and maximum amount of credit and the dates and key terms of those arrangements;
- details of credit checks made about you with a credit reporting body (CRB);
- payment defaults;
- payments or any new arrangements made by you in respect of any defaults previously recorded with a CRB;
- details about credit-related court proceedings and personal insolvency;
- whether, in the opinion of a credit provider, you have committed a serious credit infringement;
- information about your history of making repayments;
- publicly available information relevant to your credit worthiness;
- information derived from the above credit-related personal information, such as summaries, credit scores and risk ratings, generated by us or obtained from a CRB.
We may collect a range of personal information relating to individuals who are investors in, or associated with investors in, Judo. This may include:
- identification details, e.g. date of birth, gender, tax file number, driver’s licence, passport, birth certificate, utility bills, prior addresses;
- payment and account details, e.g. bank account details;
- number of shares held;
- your Australian Business Number or the Australian Business Number or Australian Company Number of any business or company associated with you;
- the name of any trust associated with you, and other information relating to the trust such as the name of the trustee and details of any corporate trustee (including the names of the directors, company secretary and shareholders of that corporation); and
- the names of any additional contact people nominated by you, such as your accountant representative or manager.
2.4 Working for or with Judo and prospective employees
If you are employed or engaged by Judo (directly or indirectly, e.g. as an employee of a labour hire company or as a contractor or supplier), or are being considered for a role with Judo, we may also collect personal information about you that may include, depending on the nature of your role or potential role, your:
- academic results and qualifications;
- expertise and experience;
- employment history;
- personal interests;
- current salary and salary expectations; and
- background information about you including, for example, your criminal record.
2.5 Users of our website and online services
If you use our website, apps or other online services, we may also collect device and browser/app information, e.g. IP address, general location inferred from IP address, device type, device identifier, operating system, browser, app, version and language. Note that this information will not always be personal information as we will not always be able to reasonably identify an individual from the information.
3. How do we collect your personal information?
The main way we collect personal and credit information about you is when you give it directly to us, or when we receive it from a third party whose details you give us e.g. a referee (if you seek to work for us) or a guarantor or anyone else listed on a credit application form. We often gather this information through application forms, via surveys or through other communications via email or telephone (for example when you contact us to ask for information).
We may also collect your personal information in any of the following ways:
- third parties: the types of third parties to which we may disclose personal information (see section 5 below);
- public sources: information available to the public, including via public registers such as the National Personal Insolvency Index;
- social media: if you access a social media page operated by us, the information we collect about you may include your user ID and/or user name associated with that social media service, any information or content you have permitted the third party social media service to share with us, such as your profile picture, email address, followers or friends lists, and any information you have disclosed in connection with that social media service;
- our website: each time you visit our website, we may collect information about your use of the website. This may be from internet browsing or accessing our website via mobile or tablet applications;
- search engines, third party websites and social media pages: for example, if you apply for a job with us, we may conduct background checking through these means;
- cookies: we may use technology called ‘cookies’ when you visit our website. Cookies can record information about your visit to our website. The cookies we send to your computer cannot read your hard drive or command your computer to perform any action. Your web browser may allow you to delete or turn off cookies, or prompt you when they are being used. See allaboutcookies.org for instructions for many common browsers. Turning off cookies may restrict your use of our website and access to your accounts;
- private messaging: we may invite you to send your details to us via private messaging, for example, to answer a question about your account;
- activity records: we may keep records of your interactions with us and activity relating to our operations, sites and facilities (for example records from CCTV, site access, telephone recordings and use of IT resources);
- participation in activities or competitions: you may also be invited to share your personal information through secure channels to participate in other activities, such as competitions; and
- derived information: we may derive personal information from other personal information we hold, e.g. by combining, supplementing, analysing and evaluating data. For example, we may combine credit-related personal information from a CRB with our own information relevant to your creditworthiness, to derive further information about your creditworthiness which we may use to determine whether to offer credit to you (and if so, on what terms).
4. Why do we collect your personal information?
Judo collects, holds, uses and discloses personal information in order to:
- assess applications for, or offer, any products and services requested by our customers and prospective customers;
- understand and manage our customers’ needs;
- provide our customers with, and manage their, accounts, products and services;
- identify you or verify your identity, details or ability to transact on an account;
- confirm your tax residency status as required by any law, tax treaty or intergovernmental taxation information sharing agreement;
- develop, improve and review our products, services and business;
- identify your behaviour, habits and preferences;
- market Judo's and others' products and services to you;
- maintain and update our records including managing any consent preferences you have advised to us (for example, related to open banking or data sharing with your nominated service providers, authorised representatives, intermediaries, accounting platform providers, data aggregators, technology service providers or other financial institutions or organisations);
- assess your creditworthiness;
- assist with applications, enquiries or complaints;
- participate in the credit reporting system, including to provide credit information to CRBs and assist other credit providers in accordance with applicable legislation;
- manage our human resources functions;
- enable us to comply with our legal and regulatory obligations, including under the Privacy Act, Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), National Consumer Credit Protection Act 2009 (Cth), Competition and Consumer Act 2010 (Cth), state/territory property laws, Bankruptcy Act 1966 (Cth), Fair Work Act 2009 (Cth), Superannuation Guarantee (Administration) Act 1992 (Cth), Income Tax Assessment Act 1936 (Cth) and Income Tax Assessment Act 1997 (Cth) and other tax laws, Corporations Act 2001 (Cth), Australian Securities and Investments Commission Act 2001 (Cth), occupational health and safety acts, public health acts and workers compensation acts;
- assist us to manage risk including to protect against fraud, misconduct and unlawful activity;
- enable us to manage complaints, investigations and legal proceedings;
- enable the management and recovery of debts;
- consider you for employment or a contractor position with us;
- manage our relationships with our investors;
- do business with our contractors or suppliers of goods and services (you may be a contractor/supplier, or employed or engaged by a contractor/supplier);
- allow customers, prospective customers or other members of the public to enter a competition or other activity that we run and notify any of them if they have won a competition;
- carry out research and analysis related to our products and services;
- facilitate any transfer of assets or business that we are involved in, including transitional and business integration arrangements;
- protect our rights and property and those of our customers and staff;
- assist regulatory authorities; and
- pursue any other purpose required or permitted by law.
We may also use your credit-related personal information to:
- assess an application for credit;
- assist you to avoid defaulting on your credit obligations;
- assess whether Judo ought to accept you as a guarantor in relation to an application for credit; and
- assess whether you have committed a serious credit infringement.
If you do not provide us with your personal information, our ability to provide you with a specific product or service, or to perform the functions above, may be limited.
5. How do we disclose your personal information?
We may disclose your personal information for any of the purposes outlined above.
Further information about third parties to which we may disclose your personal information is set out below.
The information below is not intended to be exhaustive and there may be other third parties to which we provide your personal information where required or permitted by law.
5.1 Disclosure to a CRB
We may disclose credit-related personal information to a CRB, including to obtain credit eligibility information about you, or if you fail to meet your payment obligations or commit a serious credit infringement.
We may disclose any information, including personal information, in relation to commercial credit, to a CRB or to another credit provider.
Judo may disclose personal information to the following CRBs:
PO BOX 964
North Sydney NSW 2059
PO BOX 7405
St Kilda Road
Melbourne Vic 3004
03 9828 3447
Attn: Credit Report
PO BOX 1969
North Sydney NSW 2060
1300 783 684
CRBs may include credit-related personal information we share with them in reports given to other credit providers to help them assess your credit worthiness. Each of these CRBs is required to have a policy about how it manages credit-related personal information and your rights to access and correct that information, and make a complaint. If you would like to read this policy, visit the CRB’s website.
If you are on a contact list a credit provider gives to a CRB in relation to a proposed direct marketing campaign, the CRB can tell the credit provider not to send you the offer as you do not meet the eligibility criteria. This is called pre-screening. You have the right to request that a CRB does not use your credit information for pre-screening.
You also have the right to request that a CRB does not use or disclose your credit information if you believe on reasonable grounds that you have been, or are likely to be, the victim of fraud (e.g. if you suspect someone may use your identity to apply for credit). These requests should be made directly to the CRB.
5.2 Disclosure to others
The other types of persons or organisations to which we disclose your personal information could include:
- our related entities and joint venture partners;
- other organisations with whom we have affiliations, e.g. so that they may provide you with information about our products and services and various promotions;
- third party service providers who assist us in operating our business, e.g. marketing service providers, identity management providers, share registry providers, data analytics providers and technology service providers;
- debt collectors and purchasers;
- our financial and tax advisers, consultants, insurers, legal advisers, auditors, valuers and other professional services providers, and those of other parties we engage with;
- organisations involved with us in a corporate re-organisation or involved in a transfer or potential transfer of all or part of the assets (including debts) or business of our organisation or another organisation;
- organisations involved in the provision or potential provision of finance to, or any capital raising by, Judo;
- organisations involved in our payments systems including financial institutions, merchants and payment organisations;
- regulators and law enforcement agencies;
- employers, accountants, real estate agents or any referees you nominate;
- persons authorised by you to deal with us (such as a lawyer, financial adviser, intermediary or third-party organisation or service provider we exchange information with in order to provide or promote products and services to you, such as an accounting platform, data aggregator, technology service provider, other financial institution or organisation);
- any joint applicant or joint account holder with you;
- other credit providers;
- third-party brokers and other parties that may have introduced you to us;
- third party identity management providers;
- an actual or potential guarantor or person who provides security for credit;
- a person for an external dispute resolution purpose;
- any entity to which we are authorised or required by law or a court/tribunal to disclose it;
- any other person or entity where you have given your consent, and
- any other person or entity as otherwise permitted in accordance with this policy.
5.3 Overseas disclosure
Judo generally avoids offshore hosting and servicing of personal information and does not generally disclose your personal information to overseas recipients.
However, we may do so if we have taken reasonable steps to ensure the overseas recipient does not breach the Australian Privacy Principles (APPs) in relation to that information, or otherwise comply with APPs in respect of the disclosure.
6. Direct marketing
Direct marketing involves communicating directly with you for the purpose of promoting goods or services to you and providing you with special offers from Judo, its related entities or its third-party business partners. Direct marketing can be delivered by a range of methods including mail, telephone, email, SMS, apps and websites.
We may use and disclose your personal information for the purpose of direct marketing to you where:
- you have expressly or by implication consented to us doing so; or
- it is otherwise permitted by law.
We may do this on a continuing basis, however at any time you can unsubscribe from our direct marketing, or change your contact preferences, by contacting us (our contact details are in section 11 of this policy).
7. How do we hold your personal information?
The security of your personal and credit information is important to us.
We store your personal information in different ways, including in paper-based, electronic and other formats. We may use cloud computer storage facilities to store the personal information we hold about you.
We take reasonable precautions to protect the personal information we hold from:
- misuse, interference and loss; and
- unauthorised access, modification or disclosure.
These include electronic and physical security measures and ensuring all our staff are trained to respect the security and confidentiality of our customers’ information.
If we no longer need your personal information and are not required by law to keep it, we will take reasonable steps to delete, destroy or de-identify it.
8. How can you access and correct your personal and credit information?
Judo takes reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date. Accuracy depends on the information provided to Judo. You have the right to seek access to your personal information held by Judo and to request correction of the information. If you wish to do so, you may contact us at firstname.lastname@example.org or by phone on 13JUDO.
We may require evidence of your identity as part of the process of providing you with access to your personal information or correcting your personal information.
There are no fees associated with making a request to access or correct your information. However, we may charge a fee where lawful and reasonable, for processing an access request, to account for locating the information and supplying it to you.
We may refuse to give you access to the personal information we hold about you if we reasonably believe that giving you access would pose a serious threat to the life, health or safety of an individual, if giving access would have an unreasonable impact on the privacy of other individuals, or if the request is frivolous or vexatious. Other grounds for refusal to give access may also apply under the Privacy Act or other applicable law.
If you are not satisfied with how we manage your personal information in accordance with the Privacy Act or Credit Reporting Code, you can register a complaint directly with Judo’s Privacy Officer in the first instance.
Judo will follow these steps to address and manage your complaint:
- make a record of your complaint;
- within one business day of receiving a complaint, acknowledge your complaint in writing; and
- within 30 calendar days of receiving a complaint, investigate the complaint and provide a response to you in writing.
If you wish to make a complaint, please contact us on:
Mail: Privacy Officer
PO BOX 636 South Melbourne Vic 3205
If you are not satisfied with how a complaint has been handled, you can lodge a complaint directly with the Office of the Australian Information Commissioner (OAIC):
Phone: 1300 363 992
Fax: 02 9284 9666
Mail: GPO Box 5218 Sydney NSW 2001
or you can lodge a complaint directly with the Australian Financial Complaints Authority (AFCA), of which Judo Bank is a member, our external dispute resolution scheme.
Phone: 1800 931 678
Fax: 03 9613 6399
Mail: GPO Box 3
Melbourne VIC 3001
Time limits to make a complaint to AFCA apply.
10. Changes to this policy
We may modify or replace this policy at any time. We will publish any modified or replacement policy on our website at www.judo.bank. Any changes come into effect upon publication.
This version of this policy applies from 29 September 2022.
11. Further information
For more information about any issue relating to this policy, please contact us at:
Mail: Privacy Officer
PO BOX 636 South Melbourne Vic 3205
For information in relation to privacy in general, you can visit the Australian Information Commissioner’s website at www.oaic.gov.au.