you are here: Home > Security And Privacy > Privacy Policy Statement

SEARCH:


Servicing Your Loan

Rates & Fees

Forms

myHomePath

How We Handle Your Personal Information

Personal information is information or opinion that allows others to identify you. It includes your name, age, gender, contact details, as well as your health and financial information. HomePath will act to protect your personal information in accordance with the National Privacy Principles, or an industry privacy code. HomePath is a wholly owned subsidiary of the Commonwealth Bank Group ("the Group"). The Commonwealth Bank Group does not guarantee the obligations or performance of its subsidiaries, or the products they offer.

We value your trust, and aim to help you manage and build wealth over a long period. The protection of your personal information is a vital part of this relationship. It is supported by our long experience of keeping personal information confidential.

We collect personal information to provide you with the products and services you request as well as information on other products and services offered by us. The law may also require us to collect personal information. We will tell you who collects the personal information, advise you of their contact details, your right of access to that information, and what will happen if you choose not to provide the information.

Personal information may be used and disclosed within the Group to administer our products and services, as well as for prudential and risk management purposes and, unless you tell us otherwise, to provide you with related marketing information¹. We also use the information we hold to help detect and prevent illegal activity. We co-operate with police and other enforcement bodies as required or allowed by law.

We disclose relevant personal information to external organisations that help us provide services. These organisations are bound by confidentiality arrangements. They may include overseas organisations.

You can seek access to the personal information we hold about you. If the information we hold about you is inaccurate, incomplete, or outdated, please inform us so that we can correct it. If we deny access to your personal information, we will let you know why. For example, we may give an explanation of a commercially-sensitive decision, rather than direct access to evaluative information connected with it.

¹ Information collected by Colonial First State will not be used by other Group members for marketing purposes.

Further information and feedback

If you have any questions or would like further information on our privacy and information handling practices, please contact us by:

email
telephone 1300 130 852* 8am to 10pm (Melbourne time), 7 days a week, or
writing to the address below:

Privacy Officer
Customer Relations
HomePath Pty Ltd
Reply Paid 41
Sydney NSW 2001

* A free call unless made from a mobile phone, which will be charged at the applicable mobile rate.

What You Need To Know and Where to Find It

Background

Collection of personal information

Other members of the Commonwealth Bank Group

Other disclosures

Personal information quality

Personal information security

Online

Telephone

Direct marketing

Changes to our privacy and information handling practices

Access to personal information

Background

Privacy Act 1988

The Commonwealth Government has enacted privacy legislation to protect information held by all credit providers about their customers' personal credit dealings. Since 1991, under Part IIIA of the Privacy Act, credit providers (that includes HomePath) have only been allowed to disclose information about personal credit dealings to certain classes of persons (such as another financial institution) for certain very limited purposes.

Privacy Amendment (Private Sector) Act 2000

In December 2000, the Commonwealth Government enacted further privacy legislation, which commenced 21 December 2001, amending the Privacy Act (implementing the National Privacy Principles) to include provisions that regulate the way private sector organisations collect, use, disclose, keep secure and provide access to personal information.

HomePath acts to protect your personal information in accordance with the National Privacy Principles. The following information details how we comply with the requirements of the Privacy Act in protecting the personal information we hold about you.

Collection of Personal Information

What is "personal information"?

Personal information is information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Why we collect information

Personal information is collected so that we may:

administer our customer relationships;
provide customers with the products and services they request and unless they tell us otherwise, to provide information on products offered by the collecting member and other members of the Commonwealth Bank Group. If you have provided us with your email or mobile phone details, we may provide information to you on the Bank Group's products and services electronically.

Personal information may also be used for:

monitoring and evaluating products and services;
gathering and aggregating information for statistical, prudential, actuarial and research purposes;
assisting customers with queries; and
taking measures to detect and prevent frauds and credit loss.

What we collect

Personal information collected by HomePath generally comprises name, address, date of birth, gender, marital status, occupation, account details, driver’s licence number, contact details (including telephone, facsimile and email) and financial information. Sometimes we collect a few personal details unlikely to be known to other people to help us identify you over the telephone.

If you are applying for credit we may also collect the number and ages of your dependants, the length of time at your current address, your employer's name and contact details, the length of your employment, proof of earnings and, if you have changed employer in the last few years, details of your previous employment. We use this information to assist in making responsible credit decisions. In addition, as required by Part IIIA of the Privacy Act 1988, we will obtain your consent to collect, use and disclose credit information about you.

We are required by law to identify you if you are opening a new account or adding a new signatory to an existing account. The Financial Transaction Reports Act 1988 requires us to sight and record details of certain documents (for example, birth certificate, passport) in order to achieve 100 points of identification.

We may take steps to verify the information we collect; for example, a birth certificate provided as identification may be verified with records held by the Registry of Births, Deaths and Marriages to protect against impersonation, or we may verify with an employer that employment and remuneration information provided in an application for credit is accurate.

We do not collect information about your political or religious beliefs, or ethnic background.

What if you provide incomplete or inaccurate information?

We may not be able to provide you with the products or services you are seeking.

Obtaining your consent

In most cases, before or at the time of taking out a new HomePath product (or, if that is not practicable, as soon as practicable thereafter) HomePath will obtain your consent to the purposes for which it intends to use and disclose your personal information.

If you do not give us consent, we may not be able to provide you with the products or services you want. This is because it is impracticable for us to treat some customers differently because, for example, they don't want their statements to be prepared and mailed by an external provider we have made arrangements with to provide this service to all customers.

Please refer to the "Other Disclosures" section for details of the confidentiality arrangements that apply when functions are outsourced.

Withdrawing consent

Having provided consent, you are able to withdraw it at any time. To withdraw consent, please contact HomePath. Please note that withdrawing your consent may lead to HomePath no longer being able to provide you with the product or service you enjoy given that, as mentioned above, it is impracticable for us to treat some customers differently.

Information collected from someone else

In some cases, your personal information may be provided to us by family members or friends. We will take reasonable steps to let you know that we have your personal information, unless it is obvious from the circumstances that you know or would expect us to have the information. Reasonable steps may include asking the person who gave us your information to let you know that we have that information.

Other Members of the Commonwealth Bank Group

As a member of the Commonwealth Bank Group (the Group), HomePath collects personal information and is permitted by the Privacy Act to disclose personal information to other members of the Group. This enables the Group to have an integrated view of its customers. Any such disclosure is controlled by the Privacy Act, and members of the Group with whom you do not have a relationship will not use that information for the purpose of contacting you. Without your consent, other members of the Group may not use or disclose your personal information for purposes other than for which your information was originally collected. All members of the Group observe the same standard of privacy and information handling practices.

Members of the Commonwealth Bank Group, and a brief description of the services they provide, include:

ASB Bank Limited Incorporated in New Zealand (banking and finance)
CBFC Limited ABN 26 008 519 462 (finance products)
CFM Retirement Fund ABN 65 006 340 791 (retirement products)
CMG Asia Limited Incorporated in Bermuda operates in Hong Kong (life insurance)
Colonial Fiji Life Limited Incorporated in Fiji (life and health insurance)
Colonial Mutual Funds Ltd ABN 97 006 734 514 (master funds)
Colonial Mutual Superannuation Pty Ltd ABN 56 006 831 983 (superannuation and retirement products)
Commonwealth Bank of Australia ABN 48 123 123 124 (banking and finance)
Commonwealth Custodial Services Limited ABN 26 000 485 487 (trustee services)
Commonwealth Insurance Limited ABN 96 067 524 216 (general insurance)
Commonwealth Fleet Lease Pty Ltd ABN 15 003 429 356 (vehicle leasing and management)
Commonwealth Insurance Holdings Limited ABN 95 088 327 959 (annuities)
Commonwealth Investment Services Limited ABN 13 003 049 830 (dealer services)
Commonwealth Life Limited ABN 39 003 610 008 (life, risk, superannuation and retirement products)
Commonwealth Managed Investments Limited ABN 33 084 098 180 (managed funds)
Commonwealth Securities Limited ABN 60 067 254 399 (broker)
HomePath Pty Ltd ABN 35 081 986 530 (online home lending)
PT Bank Commonwealth Incorporated in Indonesia (banking and finance)
The Colonial Mutual Life Assurance Society Limited ABN 12 004 021 809 (life products)
Sovereign Limited Incorporated in New Zealand (life insurance).

These are the current principal operating entities of the Group as at the date of this statement. A full listing of the controlled entities of the Group can be found in the Commonwealth Bank of Australia's latest Annual Report.

Other Disclosures

Who we may communicate with

We may exchange personal information with:

valuers and insurers (so that we can obtain a valuation of your property, and confirm that it is insured);
auditors we appoint to ensure the integrity of our operations;
auctioneers (if we have to sell a property we hold as security to recover monies owing to us);
real estate agents (to confirm details of a property you are purchasing or if we have to sell a property we hold as security. We will not, however, without your specific written permission, confirm to real estate agents the outcome of your application for finance);
lenders' mortgage insurers (if we have to take out insurance because the amount you are borrowing exceeds a certain percentage of the property's value)

(Note that mortgage insurers may also use and disclose personal information in accordance with the National Privacy Principles for their own purposes, which may include disclosure to credit reporting agencies, service providers and reinsurers. They will not, however, use your personal information for marketing purposes.);

any person acting on your behalf, including your financial adviser, solicitor and accountant, executor, administrator, trustee, guardian or attorney;
your referee (to confirm details about you);
if required or authorised to do so, regulatory bodies and government agencies;
credit reporting agencies;
medical practitioners (to verify or clarify, if necessary, any health information you may provide);
other financial institutions and organisations at their request if you seek credit from them (so that they may assess whether to offer you credit);
suppliers from whom we order goods on your behalf (so that the goods may be provided to you);
investors, advisers, trustees and ratings agencies where credit facilities are pooled and sold (securitised); and
other organisations who in conjunction with us provide products and services (so that they may provide their products and services to you).

If we have used an example to indicate when we might exchange personal information, the exchange of personal information may not be limited to those examples or examples of a similar kind.

Outsourcing

We disclose personal information when we outsource certain functions, including bulk mailing, market research, direct marketing, statement production, debt recovery and information technology support. We also seek expert help from time to time to help us improve our systems, products and services.

In all circumstances where personal information may become known to our contractors and outsourced service providers, there are confidentiality arrangements in place. Contractors and outsourced service providers are not able to use or disclose personal information for any purposes other than our own.

HomePath takes its obligations to protect customer information very seriously and we make every effort to deal only with parties who share and demonstrate the same attitude.

Sending personal information overseas

We send personal information if we outsource functions using overseas agents or contractors. Your personal information may also be accessed by our Group staff in other countries.

Exchanging information with a credit reporting agency

When you apply for credit we need to be in a position to decide whether or not you are likely to repay. Our decision will be based on your current financial position (including your other credit repayments) and on your credit history (whether in the past you have been a reliable repayer). We will consider the information you give us when you fill out your application and may check that information with a credit reporting agency and with any other credit provider with whom you have had dealings.

In checking with a credit reporting agency, we are looking to confirm the completeness and accuracy of information you have provided on your application form. This helps you as well as us because we do not want to give you further credit if, given your existing borrowings, you will have difficulty making repayments.

Where the Privacy Act applies we can only give information about you to a credit reporting agency if we first have told you that we will do so, and we can only obtain information about you from a credit reporting agency if we have your consent.

You may obtain a copy of credit reports about you.

Disclosure required by law

We may be required by law to disclose information, for example, when we are served with a court order. We may also be required by a Government Agency to produce information and records, for example, pursuant to taxation or social security laws.

Disclosure as a result of your actions

There may be circumstances in which we consider you, by your actions, to have released us from our duty of confidentiality or to have consented to the disclosure of information about you without actually saying so (for example, if you discuss your financial position publicly to the media, in such a way as to leave us with little alternative but to respond publicly).

Securitisation

Securitisation involves the pooling of assets (such as loans) of a similar kind and the sale of the pooled assets to a special purpose vehicle. To facilitate the process, we may disclose personal information to any person to whom our rights in the assets are to pass or proposed to pass and to any ratings agencies, trustees, investors and advisers involved in the transaction.

Personal Information Quality

Our goal is to ensure that the personal information we hold is accurate, complete and up-to-date. Please contact us if any of the details you have provided change. Please also contact us if you believe that the information we have about you is not accurate, complete or up-to-date.

We may take steps to update personal information, for example, an address, by collecting personal information from publicly available sources, for example, telephone directories or electoral rolls.

Personal Information Security

We are committed to keeping secure the personal information you provide to us. We take all reasonable precautions to protect the personal information we hold about you from misuse and loss and from unauthorised access, modification or disclosure.

We have a range of physical and technology policies in place to provide a robust security environment. We ensure the ongoing adequacy of these measures by regularly reviewing them.

Our security measures include, but are not limited to:

restricting access to our computer systems and physical records to authorised persons and preventing users from accessing information they have no need to access;
requiring employees to use unique passwords to gain access to systems. These passwords are changed regularly and their use is independently monitored;
encrypting data sent from your computer to our systems during Internet transactions and customer access codes transmitted across networks;
employing firewalls, intrusion detection systems and virus scanning tools to prevent unauthorised persons and viruses from entering our systems;
using dedicated secure networks or encryption when we transmit electronic data for purposes of outsourcing;
practising a clean desk policy in all premises occupied by HomePath and providing secure storage for physical records; and
detecting and preventing unauthorised access to buildings by employing physical and electronic means such as alarms, cameras and guards as required.

Where information we hold is identified as no longer needed for any purpose we ensure it is effectively and securely destroyed, for example, by shredding or pulping in the case of paper records or by degaussing (demagnetism of the medium using alternating electric currents) and other means in the case of electronic records and equipment.

Online

Collection of information via web site activity

For statistical purposes we collect information on web site activity (such as the number of users who visit our web sites, the date and time of visits, the number of pages viewed, navigation patterns, what country and what systems users have used to access the site and, when entering one of our web sites from another web site, the address of that web site) through the use of "cookies". This information on its own does not identify an individual but it does provide HomePath with statistics that can be used to analyse and improve our web sites.

Cookies

A "cookie" is a packet of information that allows the server (the computer that houses the web site) to identify and interact more effectively with your computer.

When you use our web site, we send you a cookie that gives you a unique identification number. A different identification number is sent each time you use our web site. Cookies do not identify individual users, although they do identify a user's browser type and your Internet Service Provider (ISP).

You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Please refer to your browser instructions or help screens to learn more about these functions. If you reject all cookies, you may not be able to use our web site.

To evaluate the effectiveness of our web site advertising, we may use third parties to collect statistical data. No personal data is collected on these occasions.

Links to other web sites

Our web sites may contain links to non-HomePath web sites. Whilst such links are provided for your convenience, you should be aware that the information handling practices of the linked web sites might not be the same as ours.

Telephone

We may monitor and record telephone calls for training and security purposes.

Direct Marketing

One of the reasons we collect personal information is so that we may provide you with information on products and services offered by members of the Commonwealth Bank Group. Whilst we are permitted by the Privacy Act to disclose personal information to other members of the Group, and we do so to enable the Group to have an integrated view of its customers, it is important to note that the Group's policy is that members of the Group with whom you do not have a relationship will not use that information for the purpose of contacting you.

You may, if you wish, indicate that you do not want to receive information on products and services offered by or through HomePath by

"ticking the box" when prompted, when you become a member; or
contacting HomePath at any time to indicate that you wish to "opt out" of receiving such information.

Changes to our Privacy and Information Handling Practices

HomePath may make changes to its privacy and information handling practices from time to time for any reason. We will publish those changes on our web sites and, if there are important changes or a lot of minor changes, by updating this document. This statement is dated 10 September 2004.

Access to personal information

You can request us to provide you with access to the personal information we hold about you.

How to gain access

Requests for access to limited amounts of personal information, such as checking to see what address or telephone number we have recorded, can generally be handled over the telephone.

With regards to request for access to more substantial amounts of personal information, such as details of what is recorded in your loan file, we will require you to complete and sign the "Request for Access to Personal Information under the National Privacy Principles" form, and mail it to:

Privacy Officer
Customer Relations
HomePath Pty Ltd
Reply Paid 41
Sydney NSW 2001

Following receipt of your request, our Customer Relations area will provide you with an estimate of the access charge and confirm that you want to proceed. Access will not be provided until payment is received.

An access charge may apply

An access charge may apply, but not to the request itself. The charge is for the time we spend on locating, collating and explaining the information you request (generally based on a rate of $60 per hour or part thereof) plus any photocopying costs and out of pocket expenses (such as freight and travelling costs).

Responding to an access request

We will respond to your access request as soon as possible. We will endeavour to comply with your request within 14 days of its receipt but, if that deadline cannot be met owing to exceptional circumstances, your request will be dealt with within 30 days. It will help us provide access if you can tell us what you are looking for. Your identity will be confirmed (including by verifying your signature) before access is provided.

Requests may be denied or limited

If particular circumstances apply, we are permitted by the Privacy Act to deny your request for access, or limit the access we provide. We will let you know why your request is denied or limited. For example, we may give an explanation of a commercially-sensitive decision, rather than direct access to evaluative information connected with it.

Jointly held information

Where we hold your personal information in conjunction with that of another individual or individuals (e.g. where you jointly conduct an account), we will allow each individual access to their own personal information and to the joint information (e.g. account balances and transaction details) but not to the personal information of the other individual(s).

Access to a credit report about you

You have the right to ask for a copy of any credit report we have obtained about you from a credit reporting agency. However, as we may not have retained a copy after we have used it in accordance with Part IIIA of the Privacy Act, the best means of obtaining an up-to-date copy is to get in touch with the credit reporting agency direct. You have a right to have any inaccuracies corrected or, if there is any dispute as to accuracy, to have a note added to your credit reporting agency file explaining your position.

If we decline your credit application wholly or partly because of adverse information on your credit report, the Privacy Act requires us to tell you of that fact and how you can go about getting a copy of your credit report.

The major credit reporting agency in Australia is Baycorp Advantage Business Information Services Limited. As the largest agency, it is likely that it will be Baycorp Advantage Business Information Services Limited that you will need to contact in relation to access to an up-to-date copy of your credit report and any correction of information on your file. Baycorp Advantage Business Information Services Limited has established a specific public access division to handle these matters: Public Access Division, Baycorp Advantage Business Information Services Limited, PO Box 964, North Sydney NSW 2059.

Contact Us About Our Privacy and Information Handling Practices

If you have any questions or would like further information about our privacy and information handling practices, please contact us by:

email
telephone 1300 130 852* 8am to 10pm (Melbourne time), 7 days a week, or
writing to the address below:

Privacy Officer
Customer Relations
HomePath Pty Ltd
Reply Paid 41
Sydney NSW 2001

* A free call unless made from a mobile phone, which will be charged at the applicable mobile rate.

Making a privacy complaint

We recognise that even in the best run organisations things can go wrong. Should you have a privacy complaint, please tell us because it gives us the opportunity to fix the problem. We offer a free internal complaint resolution scheme to all of our customers. Our personal customers also have free access to an external dispute resolution scheme.

To assist us in helping you, we ask you to follow a simple three-step process:

1. Gather all supporting documents about the matter of complaint, think about the questions you want answered and decide what you want us to do.

2. Contact HomePath, where your situation will be reviewed and if possible resolved straight away. A quick chat is all that's required to resolve most issues.

3. If at this stage the matter has not been resolved to your satisfaction, please contact our Customer Relations team using the above contact points. We will provide you with the name and contact details of the officer who will investigate your complaint, answer your questions and do all they can to regain your confidence.

If you are still not satisfied, we will tell you about the external dispute resolution avenues available to you.