At ING DIRECT, we're committed to ensuring the confidentiality and security of your personal information. We are bound by the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs) set out in that Act, to guide us in our responsible handling of your personal information.
This information was last updated in May 2017.
Ordinarily, we'll collect most personal information about you directly from you.
Occasionally we may need to obtain personal information about you from a third party, but only if you've consented to us collecting the information in this way or you would reasonably expect us to collect the information about you in this way.
We'll collect personal information to provide you with information about a financial product or service; to assess your application and eligibility for a financial product or service; to provide you with the financial products and services that you've requested; to administer our relationship with you; and to communicate with you about ING DIRECT and the products and services we offer, and then only when it's necessary for, or related to, these purposes.
We'll also need to collect personal information necessary to comply with Australian and global legal or regulatory requirements including those that have extraterritorial application to ING DIRECT or the ING Group. For example, ING DIRECT has an obligation:
to identify customers for the purposes of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth);
to determine and report to the Australian Taxation Office in respect of your foreign tax residency status for the purposes of laws relating to the Foreign Account Tax Compliance Act in the United States of America (abbreviated as FATCA) and also the Common Reporting Standard (CRS); and
to satisfy our responsible lending obligations under the National Consumer Credit Protection Act 2009 (Cth).
If you don't provide the personal information that we request, we will generally not be able to provide you with ING DIRECT products or services.
Use and Disclosure of your personal information
The general rule is that we will not use or disclose your personal information other than for the purposes stated at the time of the collection. If we want to use your personal information for another purpose, we will seek further consent from you, unless that other purpose is related to one of the original purposes of collection and you would reasonably expect us to use your personal information for that other purpose.
Personal information will only be disclosed to third parties other than those we've specifically identified if you have consented to the disclosure; if you would reasonably expect us to disclose information of that kind to those third parties; if we are authorised or required to do so by law; or it is necessary to assist with law enforcement.
We may have to send personal information overseas, for example, if required to complete a transaction or where we outsource a function to an overseas contractor. Your personal information may be disclosed to staff in ING Group entities in Singapore and the Netherlands if necessary to administer our relationship with you; if those entities provide services to, or functions for, ING DIRECT; for transactional reasons; or to comply with Australian and global regulatory requirements applying to us or the ING Group (including requests from government bodies and agencies such as the Australian Taxation Office, and to comply with requests for information received by overseas regulators).
We, or other ING Group entities, may provide you with further information about ING Group products and services unless you tell us not to.
If you have provided an email address to us, we may contact you using that email address, including to provide you with information about ING DIRECT and the products and services that we and the ING Group offer. You may elect not to receive further information about us or our products and services by contacting us online, calling or writing to us.
Our Social Media User Terms apply to your use of ING DIRECT's social media sites or facilities. If you engage with us on any of our social media channels, you agree to be bound by these terms.
Home and contents insurance
We may disclose certain personal information relevant to the provision of home and contents insurance products, including information that is disclosed on your loan application form, to Auto & General Services Pty Ltd (AGS), which issues and underwrites the general insurance products.
AGS may use personal information collected from us, initially for the purposes of providing you with a premium estimate for that insurance product. If you decide to proceed with an application for the product, AGS may use, hold and disclose to third parties any personal information it collects about you, including from us, for the purposes of considering any application you make for an insurance product, providing those products and services to you, internal management and risk functions, enhancing AGS products and services and otherwise administering the relationship AGS has with you.
If you don't provide personal information to us (or to AGS) it will not be possible for AGS to estimate your home and contents insurance premium.
Some of the parties with which AGS exchanges personal information, may be located outside Australia in countries including Philippines, Singapore, Spain, Japan, United Kingdom, South Africa and the United States of America.
Lender's Mortgage Insurance
We may disclose personal information (including credit-related personal information) to the lender's mortgage insurer (LMI) listed below.
The LMI may use, hold and disclose to third parties any personal information it collects about you from us or credit reporting bodies in order to assess whether to insure the risk of providing mortgage insurance; to assess the risk of default; to assess the risk of a guarantor being unable to meet a liability arising under a guarantee; to administer and vary the insurance cover, including for securitisation and hardship applications; to verify information that we collect about you; to deal with claims and recovery of proceeds including, among other things, to enforce a loan in place of a lender if the mortgage insurer pays out an insurance claim on your loan; for a mortgage insurance purpose; and for any other purpose under the insurance policy issued to us relating to your loan, as well as for other internal management and risk purposes.
If you don't provide personal information to us, it will not be possible for the LMI to process our request for lender's mortgage insurance.
The LMI that we may disclose your personal information and credit information to is:
Genworth Financial Mortgage Insurance Pty Ltd.
You can contact Genworth by calling 1300 655 422 or by visiting genworth.com.au.
The LMI may disclose your personal information to entities located overseas including in the USA, Canada and the United Kingdom.
Where we collect your personal information and we're likely to disclose that information to a credit reporting body, we're required by law to notify you of certain matters, which are set out below. If you want us to provide you with a hard copy of this information, then please contact us.
Which credit reporting bodies does ING DIRECT deal with?
We primarily deal with, and report certain credit-related personal information to, Equifax Australia Information Services & Solutions Pty Limited (EISS), which is the major credit reporting body in Australia.
You can contact EISS by:
one of the methods specified at www.equifax.com.au/contact; or
mailing EISS - Equifax, PO Box 964, North Sydney NSW 2059
Collection, use and disclosure of your credit-related personal information
EISS may include your credit information that we provide to it in credit reports to other credit providers to assist those credit providers to assess your credit worthiness.
If you fail to meet your payment obligations in relation to any loan you have with us or if we believe that you have committed a serious credit infringement, we may be entitled to disclose this to EISS.
access the information we hold about you and ask us to correct information if you believe that it is incorrect; and
make a complaint about our handling of your credit-related personal information
EISS' policy on how it handles credit-related personal information can be found on its website at www.equifax.com.au/credit-reporting-policy.
Under the Privacy Act, credit reporting bodies are prohibited from using or disclosing credit reporting information that they hold about you for the purposes of direct marketing. Subject to a number of restrictions, this general prohibition does not apply to the use of this information by the credit reporting body for the purpose of assessing whether you are eligible to receive direct marketing by credit providers, such as ING DIRECT.
This use of the information in this way is known as a "pre-screening assessment".The Privacy Act allows you to request a credit reporting body that holds credit information about you to not use that information for the purposes of a pre-screening assessment. The credit reporting body cannot charge you for making, or carrying out, the request.
Fraud - "ban period"
The Privacy Act gives you certain mechanisms to deal with fraud, including identity fraud.
If you believe on reasonable grounds that you have been, or are likely to be, the victim of fraud then you can ask EISS (or any other credit reporting body that holds information about you) not to use or disclose your credit reporting information during a "ban period".
The "ban period" is a period of 21 days starting on the day that you make the request, which can be extended on your request if the credit reporting body believes on reasonable grounds that you have been, or are likely to be, the victim of fraud.
The credit reporting body cannot charge you for making, or carrying out, the request.
Access to your personal information
You may request access to limited amounts of personal information that we hold about you - such as your address - by calling us on 133 464. For a more detailed request for access to information that we hold about you, you will need to write to the ING DIRECT Privacy Officer at GPO Box 4094, Sydney NSW 2001.
Please note that requests for access to your personal information may only be made by you or by another person who you have authorised to make a request on your behalf, such as a legal guardian or an authorised agent. We will require you to verify your identity, or the identity and authority of your representative, to our reasonable satisfaction. Depending on the nature and/or volume of the information that you request, an access charge may apply, but not to your request for access itself.
Updating your personal information
Although we take reasonable steps to ensure that your personal information is accurate, up-to-date, complete, relevant and not misleading, we rely on the accuracy of information that you supply to us. If any of your personal information is incorrect, has changed or requires updating, please assist by either:
updating your details in the 'Contact details' section found in the 'Settings' menu after you log in; or
contacting us by phone with your client number ready.
We take steps to protect your personal information from misuse, loss and interference. We also protect it from unauthorised access, modification, disclosure.
If we no longer require your personal information for a purpose, for example, to manage your financial product or provide you with a financial service, then we will take reasonable steps to securely destroy it or permanently remove all identifying features from that information.
Use of internet cookies
ING Global Privacy Standards
ING DIRECT's parent company, ING Bank N.V., has established global privacy standards for all ING Group companies known as Binding Corporate Rules (BCRs). The BCRs, which are known as the ING Global Data Protection Policy (GDPP), were approved by the Data Protection Authorities in all EU Member States. They are our commitment to protect your personal information and honour our privacy obligations regardless of where your personal information is collected, processed or stored within the ING Group of companies.
How to contact us
If you have any further questions about privacy at ING DIRECT please contact us by:
calling 133 464
ING DIRECT Privacy Officer
GPO Box 4094
Sydney NSW 2001