Privacy

At ING, we're committed to ensuring the confidentiality and security of your personal information. We are bound by the Privacy Act 1988 (Cth) (the Privacy Act), including the Australian Privacy Principles (APPs) set out in that Act, to guide us in our responsible handling of your personal information.

This Privacy Statement applies to ING Bank (Australia) Limited (ABN 24 000 893 292) and ING Bank N.V., Sydney Branch and aims to explain in a simple and transparent way what personal information we gather about you and how we process it.

You can find out more information about how we deal with your privacy by viewing our ING Privacy Policy

This information was last updated in March 2019.

1. How we handle your personal and credit-related information

We may collect, use, hold and disclose personal information and credit-related information about you for the purposes of processing an application form that you have submitted for a customer, arranging or providing a financial product or service that you and/or your customer have requested, to improve and develop our financial products and services, to prevent and detect fraud and data security, communicating with you about ING and the products and services we offer, complying with laws, managing our relationship with you, and allowing us to perform administrative tasks. We are also required to collect your personal information to comply with our obligations under Australian law, including to:

  • identify customers for the purposes of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth);
  • determine and report to the Australian Taxation Office in respect of your foreign tax residency status for the purposes of laws relating to the Foreign Account Tax Compliance Act in the United States of America (abbreviated as FATCA) and also the Common Reporting Standard (CRS);
  • satisfy our internal and external reporting obligations; and
  • satisfy our responsible lending obligations under the National Consumer Credit Protection Act 2009 (Cth). If you don't provide the personal information that we request, we will generally not be able to deal with you.

2. What personal information do we collect?

In simple terms, personal information includes any information or an opinion about an identified individual or an individual who is reasonably identifiable. The kinds of personal information we may collect about you include your name, date of birth, address, account details, occupation, and any other information we may need to identify you, including publically available information from public registers and social media.

2.1 Sensitive Information

We don't generally collect personal information about you which is sensitive, such as information about your health or criminal record. Unless the collection of sensitive information is required or authorised by law or a court order, we will obtain your consent to its collection only if we need it to provide you with a specific product or service (such as certain types of insurance), if you make a claim with us for financial hardship relief or if you apply for employment with us.

With your explicit consent or if required or allowed by law, we may collect your genetic or biometric data (your fingerprint, voice or facial features) which may be used to verify your identity or use it as an extra means of security in apps when you choose for such authentication to authorise transactions.

3. How we collect your personal information

We collect most personal information directly from you.

Occasionally, we may need to source personal information about you from a third party, but only if you've consented to us collecting the information in this way or you would reasonably expect us to collect the information about you from a third party. For instance, we may collect certain personal information about you from aggregators, mortgage managers, credit reporting bodies, government departments or third party brokers.

3. How we collect your personal information

We collect most personal information directly from you.

Occasionally, we may need to source personal information about you from a third party, but only if you've consented to us collecting the information in this way or you would reasonably expect us to collect the information about you from a third party. For instance, we may collect certain personal information about you from aggregators, mortgage managers, credit reporting bodies, government departments or third party brokers.

4. Use and disclosure of your personal information

The general rule is that we will not use or disclose your personal information other than for the purposes stated at the time of the collection. If we want to use your personal information for another purpose, we will seek further consent from you, unless that other purpose is related to one of the original purposes of collection and you would reasonably expect us to use your personal information for that other purpose.

It may be necessary for ING to disclose your personal information to certain third parties in order to assist us in providing, managing and administering your products or services or for other purposes related to our business - these third parties are specified in our Privacy Policy and we'll also let you know who they are at the time we collect your personal information.

Personal information will only be disclosed to third parties other than those we've specifically identified if you have consented to the disclosure; if you would reasonably expect us to disclose information of that kind to those third parties; if we are authorised or required to do so by law; or it is necessary to assist with law enforcement.

5. Disclosure of your personal information overseas

We may have to send personal information overseas, for example, if required to complete a transaction or where we outsource a function to an overseas contractor. Your personal information may be disclosed to staff in ING Group entities in Slovakia, the Philippines, Poland, Singapore, and the Netherlands if necessary to administer our relationship with you; if those entities provide services to, or functions for, ING; for transactional reasons; or to comply with Australian and global regulatory requirements applying to us or the ING Group (including requests from government bodies and agencies such as the Australian Taxation Office, and to comply with requests for information received by overseas regulators). We may also transfer personal information to centralised storage systems or to process it globally for more efficiency. All internal data transfers are in line with our Global Data Protection Policy.

We will take reasonable steps to ensure that other third parties located overseas do not breach the APPs in relation to your personal information.

6. Disclosure of your personal information for marketing purposes

We, or other ING Group entities, may use your personal information to provide you with further information about ING Group products and services unless you tell us not to.

If you have provided an email address to us, we may contact you using that email address, including to provide you with information about ING and the products and services that we and the ING Group offer. You may elect not to receive further information about us or our products and services by contacting us online, calling or writing to us.

We will act promptly on your request and will also ensure that each electronic marketing message sent (e.g. by email) includes a method that enables you to tell us you do not want to receive future electronic marketing material.

Our Social Media User Terms apply to your use of ING's social media sites or facilities. If you engage with us on any of our social media channels, you agree to be bound by these terms.

7. Credit-related Personal Information

Where we collect your personal information and we're likely to disclose that information to a credit reporting body, we're required by law to notify you of certain matters, which are set out below. If you want us to provide you with a hard copy of this information, then please contact us.

7.1 Which credit reporting bodies does ING deal with?

We primarily deal with, and report certain credit-related personal information to, Equifax Australia Information Services & Solutions Pty Limited (EISS), which is the major credit reporting body in Australia.

You can contact EISS by:

  • one of the methods specified at www.equifax.com.au/contact; or
  • mailing EISS - Equifax, PO Box 964, North Sydney NSW 2059

7.2 Collection, use and disclosure of your credit-related personal information

EISS may include your credit information that we provide to it in credit reports to other credit providers to assist those credit providers to assess your credit worthiness.

You can find out further detail about how we manage your credit-related personal information in our Privacy Policy.

In particular, our Privacy Policy sets out how you can:

  • access the information we hold about you and ask us to correct information if you believe that it is incorrect; and
  • make a complaint about our handling of your credit-related personal information

EISS' policy on how it handles credit-related personal information can be found on its website at www.equifax.com.au/credit-reporting-policy.

Collection, use and disclosure of your credit-related personal information

EISS may include your credit information that we provide to it in credit reports to other credit providers to assist those credit providers to assess your credit worthiness.

If you fail to meet your payment obligations in relation to any loan you have with us or if we believe that you have committed a serious credit infringement, we may be entitled to disclose this to EISS.

You can find out further detail about how we manage your credit-related personal information in our Privacy Policy.

In particular, our Privacy Policy sets out how you can:

  • access the information we hold about you and ask us to correct information if you believe that it is incorrect; and
  • make a complaint about our handling of your credit-related personal information

EISS' policy on how it handles credit-related personal information can be found on its website at www.equifax.com.au/credit-reporting-policy.

7.3 Pre-screening Assessments

Under the Privacy Act, credit reporting bodies are prohibited from using or disclosing credit reporting information that they hold about you for the purposes of direct marketing. Subject to a number of restrictions, this general prohibition does not apply to the use of this information by the credit reporting body for the purpose of assessing whether you are eligible to receive direct marketing by credit providers, such as ING.

This use of the information in this way is known as a "pre-screening assessment". The Privacy Act allows you to request a credit reporting body that holds credit information about you to not use that information for the purposes of a pre-screening assessment. The credit reporting body cannot charge you for making, or carrying out, the request.

7.4 Fraud - "ban period"

The Privacy Act gives you certain mechanisms to deal with fraud, including identity fraud.

If you believe on reasonable grounds that you have been, or are likely to be, the victim of fraud then you can ask EISS (or any other credit reporting body that holds information about you) not to use or disclose your credit reporting information during a "ban period".

The "ban period" is a period of 21 days starting on the day that you make the request, which can be extended on your request if the credit reporting body believes on reasonable grounds that you have been, or are likely to be, the victim of fraud.

The credit reporting body cannot charge you for making, or carrying out, the request.

8. Access to your personal information

You may request access to limited amounts of personal information that we hold about you - such as your address - by calling us on 133 464. For a more detailed request for access to information that we hold about you, you will need to write to the ING Privacy Officer at GPO Box 4094, Sydney NSW 2001.

If for any reason we can't provide you with access, we'll tell you why and attempt to find other ways to help you get access to this information.

Please note that requests for access to your personal information may only be made by you or by another person who you have authorised to make a request on your behalf, such as a legal guardian or an authorised agent. We will require you to verify your identity, or the identity and authority of your representative, to our reasonable satisfaction. Depending on the nature and/or volume of the information that you request, an access charge may apply, but not to your request for access itself.

9. Requesting correction/update of your personal information

Although we take reasonable steps to ensure that your personal information is accurate, up-to-date, complete, relevant and not misleading, we rely on the accuracy of information that you supply to us. If any of your personal information is incorrect, has changed or requires updating, please assist by either:

  • updating your details in the 'Contact details' section found in the 'Settings' menu after you log in; or
  • contacting us by phone with your client number ready.

10. Complaints

ING is committed to resolving privacy complaint(s) as quickly as possible and has procedures in place to help resolve any problems or complaints efficiently. For more information on how to make a complaint, see our complete Privacy Policy under "Making a privacy complaint".

11. Protecting your personal information

We apply an internal framework of policies and minimum standards across all our business to keep your personal information safe. These policies and standards are periodically updated to keep them up to date with regulations and market developments. More specifically and in accordance with the law, we take appropriate technical and organisational measures (policies and procedures, IT security etc.) to ensure the confidentiality and integrity of your personal information and the way it's processed.

In addition, ING employees are subject to confidentiality and may not disclose your personal information unlawfully or unnecessarily.

If we no longer require your personal information for a purpose, for example, to manage your financial product or provide you with a financial service, then we will take reasonable steps to securely destroy it or permanently remove all identifying features from that information.

12. Use of internet cookies

ING may use cookies to assist you in accessing information on our websites which is of interest and relevance to you. Cookies are a way of storing information on your computer so you do not have to enter the same data every time you access our sites - for instance, your e-mail address. We may also use cookies to capture general information about how you have found our website, or to track the number of visitors to a site, but we do not store any of your personal details when we do this.

13. ING Global Privacy Standards

ING's parent company, ING Bank N.V., has established global privacy standards for all ING Group companies known as Binding Corporate Rules (BCRs). The BCRs, which are known as the ING Global Data Protection Policy (GDPP), were approved by the Data Protection Authorities in all EU Member States. They are our commitment to protect your personal information and honour our privacy obligations regardless of where your personal information is collected, processed or stored within the ING Group of companies.

14. How to contact ING about privacy

If you have any further questions about privacy at ING please contact us by:

  • calling 133 464
  • emailing customer.service@ing.com.au
  • writing to:
    ING Privacy Officer
    GPO Box 4094
    Sydney NSW 2001

15. Further information

We are constantly reviewing all of our policies and attempt to keep up to date with market expectations. Technology is constantly changing, as is the law and market place practices.

As a consequence we may change this policy from time to time or as the need arises. We will post any changes to this policy on our website.

XS
SM
MD
LG