Help & support
Each member of the CommBank Group collects and handles your personal information in accordance with its legal obligations, including those under the Privacy Act 1988 (Cth).
The Commonwealth Bank of Australia and its subsidiaries (the CommBank Group) provide or distribute a wide range of banking, finance, insurance, funds management, financial planning and advice, superannuation, stockbroking and other services.
This Statement describes how your personal information and credit information is collected and handled by the following members of the CommBank Group:
If you are located in the European Economic Area or the United Kingdom, or if you are a customer of our China, Hong Kong, Singapore or Tokyo branches, you may have additional rights. See additional rights at the end of this page for more information.
We collect your personal information directly from you most of the time, however on occasion, we may also collect information about you from other people and organisations.
We collect personal information when you:
While we are required to collect some types of personal information to meet our legal obligations, we do attempt to keep our collection of your personal information to what is necessary to offer you the products and services you require. Depending on those products and services, or your interactions with the members of the CommBank Group, we may collect the following types of personal information:
See ‘Who do we share your information with?’ (Collection, use & sharing, Section 2C) for details of third parties we may share information with.
We use your information to deliver our products and services. We also use your information for other reasons, such as to better understand you, your needs, and to let you know about other products and services you might be interested in.
Here is a list of the ways we may use your personal information.
We may also collect, use and share your information for other reasons where the law allows or requires us to.
Direct marketing
From time to time, we may also use your personal information to tell you about products and services we think may be of interest and value to you, but we will stop if you tell us to.
We may contact you by various means, including by mail, telephone, email, SMS or other electronic means, such as through social media or targeted advertising through CommBank websites or through our online banking services.
If you do not want to receive direct marketing offers from us, you can opt-out by:
We may first require you to log into your NetBank account or otherwise identify yourself.
We may share your information with third parties for the reasons mentioned in How do we use your information? (Collection, use & sharing, Section 2b), or where the law otherwise allows or requires us to.
The types of third parties are listed below.
Sending information overseas
Sometimes, we may send your information overseas, including to:
If we do this, we make sure there are appropriate privacy, data handling and security arrangements in place to protect your information.
Our staff are trained in how to keep your information safe and secure. We use secure systems and buildings to hold your information. We aim to only keep your information for as long as we need it.
We store your hard copy and electronic records in secure buildings and systems or using trusted third parties. We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold about you.
We aim to keep personal information only for as long as we need it – for example for business or legal reasons. When we no longer need information, we take reasonable steps to destroy or de-identify it.
We collect credit information about you when you apply or use our credit related products or services. We may also collect credit information about you from credit reporting bodies (such as Equifax).
Credit information is personal information that is about credit that has been provided to you or that you have applied for. This includes credit for personal purposes and credit in connection with a business. It can also cover information about you as a guarantor of a loan or as an insured party under a credit related insurance policy.
We collect credit information directly from you or your representative when you apply for a credit related product or service, like a credit card. We also collect credit information about you from third parties, including credit reporting bodies (such as Equifax) or other credit providers (such as another bank).
The types of credit information we collect and handle are set out below.
Identification information
This includes your name (including any aliases), gender, date of birth, driver licence number, current and most recent past addresses, as well as current and most recent past employers.
Consumer credit liability information
This is information about any accounts that you currently have open or may have had in the past. It includes the type of account, the open and/or close date, as well as the credit limit.
Repayment history
This includes a history of your repayments, including whether you have made payments when due, and if not, when overdue payments have been made.
Financial Hardship Information
This includes information about agreed financial hardship arrangements that you may have with us or our credit providers, both temporary and permanent. Financial hardship information will be recorded with the repayment history information.
Default information
Details of any defaults or serious credit infringements.
Public information
Public record information such as:
Information about credit worthiness
Information about your credit worthiness such as credit scores, credit risk ratings, summaries and evaluations.
When you apply to us for credit or propose to be a guarantor, we need to know if you’re able to meet repayments under your agreement with us. We also want to avoid giving you further credit if this would put you in financial difficulty.
We use credit information to:
We keep your credit information with your other information. In some cases, we may need to share some of your information with organisations outside Australia (see Collection, use & sharing, Section 2c).
It is important that we hold accurate credit information about you. To access or correct your credit information, please contact us (see Further Information, Section 6a).
You can also contact us to make an enquiry or complaint about the collection and handling of your credit information.
If you apply for credit or offer to act as a guarantor, we may collect or share your information with a credit reporting body. This information is used to determine your eligibility for credit.
When we request information about you from a credit reporting body, we will need to share some of your personal or credit information with them, your consent is not required for us to share that information in relation to a consumer credit application.
Credit reporting bodies include a record of our request for your information (called a credit enquiry) in their reports to help other credit providers assess your credit worthiness (such as when you apply for a credit card or a loan) and may also use the information when they calculate your credit score or rating. In some circumstances your credit score or rating may be negatively impacted by these credit enquiries, such as where numerous credit enquiries have been recorded by a credit reporting body over a short period on their report about you.
We can also ask credit reporting bodies to give us your overall credit score and may use credit information from credit reporting bodies together with other information to arrive at our own assessment of your ability to manage credit.
Direct marketing: Credit providers like us can ask credit reporting bodies to use your credit information to pre-screen you for direct marketing purposes. You can contact the credit reporting bodies if you want to stop your credit information being used for this purpose.
Preventing identity fraud: If you think you have been, or could be, a victim of fraud you can ask the credit reporting body not to use or give anyone your credit information.
We collect from, and share information with, the following credit reporting bodies. For more information about how they handle credit reporting information they hold about you, please visit their websites.
You can contact us and ask to view your information. For more detailed information, we may ask you to fill out a request form. If your information isn’t correct or needs updating, let us know straight away.
How can I access my information?
You can ask us for a copy of your information, like your statements or transaction history, by visiting a branch, going online (such as Netbank, CommBiz or CommSec) or calling us (see Further Information, Section 6a). To get a copy of the credit information we have about you, you can visit a branch or call us.
If you would like more detailed information, please fill out the Request for Access to Personal Information Form (PDF).
How will we handle you request?
There is no fee to ask for your information, but sometimes we might charge a fee to cover the time we spend gathering the information you want. If there’s a fee, we’ll let you know how much it is likely to be, so you can choose if you want to go ahead.
We try to make your information available within 30 days after you ask us for it.
In some cases, we can refuse access or only give you access to certain information. For example, we might not let you see information that involves other people. If we do this, we will write to you explaining our decision.
Can you correct or update your information?
It’s important that we have your correct details, such as your current home address, email address and phone number. You can check or update your information at any branch, via your online services (such as Netbank, CommBiz or CommSec) or by calling us (see Further Information, Section 6a).
If you think your personal or credit information is incorrect, contact us to investigate the issue (see Further Information, Section 6a).
We’ll try to respond to your request within 30 days. If we can’t, we’ll let you know why it’s taking longer.
If we don’t think the information needs correcting, we’ll write to let you know why. You can ask us to include a statement with the information that says you believe it is inaccurate, incomplete, misleading or out of date.
If you need more information, want to access or update your personal information or if you have a privacy concern, please contact us using the contact details below.
Personal banking
Message us in the CommBank app or call 13 2221, 8am - 8pm (Sydney/Melbourne time)
Overseas? Call +61 2 9999 3283
Business banking
Call 13 1998 any time
Overseas? Call +61 2 9009 0593
CommSec
Call 13 1519
Commonwealth Private
Call 1300 362 081
Overseas? Call +61 2 9115 1417
8am - 7pm, Monday - Friday (Sydney/Melbourne time)
Access for hearing or speech impaired customers
TTY number: Call 133 677 then ask for 13 2221
SMS Relay: Text 0423 677 767 (for more info, visit the National Relay Service)
Voice Relay number: Call 1300 555 727 then ask for 13 2221
Visit your nearest CommBank branch
If you’re a customer of our international branches, you can contact us on the details below.
China
The Data Privacy Officer
Commonwealth Bank of Australia, Shanghai and Beijing Branches
Mailing Address: RM 43-031 Hang Seng Bank Tower, No. 1000 Lujiazui Ring Road, Pudong, Shanghai.
Telephone: +86 21 61238900
Hong Kong
The Data Privacy Officer
Commonwealth Bank of Australia, Hong Kong Branch
Mailing Address: Suite 1401, One Exchange Square, 8 Connaught Place, Central, Hong Kong
Telephone: +852 2844 7500
Fax: +852 2845 9194
Japan (Tokyo)
The Data Privacy Officer
Commonwealth Bank of Australia, Tokyo Branch
Mailing Address: 13F, Muromachi Furukawa Mitsui Bldg 2-3-1, Nihonbashi Muromachi, Chuo-ku, Tokyo 103-0022 Japan
Telephone: +81 03 5400 7857
Email: Takao.Uehara@cba.com.au
Singapore
The Data Privacy Officer
Commonwealth Bank of Australia, Singapore Branch
Mailing Address: 38 Beach Road, #07-11 South Beach Tower, Singapore 189767
Email: dpo@cba.com.au
New Zealand
Group Chief Privacy Officer
If you have a concern or complaint about how we have handled your personal information (including your credit information), let us know and we’ll try to fix it. If you’re not satisfied with how we respond to your complaint about how we’ve handled your personal information, there are other things you can do.
How can you make a complaint?
To make a complaint, contact one of our staff or customer service teams (see Further Information, Section 6a). We’ll look into the issue and try to fix it straight away.
If you’ve raised your concern with one of our staff and are not satisfied, you can contact our Customer Relations team:
CBA Group Customer Relations
Webform
https://www.commbank.com.au/support/compliments-and-complaints.html
Phone
+61 2 9687 0756 from overseas
8am - 6pm, 7 days a week (Sydney/Melbourne time)
Reply Paid 41, Sydney NSW 2001
If you would like further information on how we handle complaints, please visit how we manage complaints page.
What else can you do?
If you’re not satisfied with our response after you’ve been through our internal complaints process, you can lodge a dispute through the Australian Financial Complaints Authority (AFCA), our external dispute resolution provider.
AFCA provides consumers and small businesses with fair, free and independent dispute resolution for financial complaints.
Australian Financial Complaints Authority
Visit: www.afca.org.au
Email: info@afca.org.au
Phone: 1800 931 678 (free call)
Mail: Australian Financial Complaints Authority, GPO Box 3, Melbourne VIC 3001
You can also contact the Office of the Australian Information Commissioner if your complaint is about your privacy or how we handled your credit information.
Office of the Australian Information Commissioner
Visit: oaic.gov.au
Email: enquiries@oaic.gov.au
Phone: 1300 363 992
Mail: GPO Box 5288, Sydney NSW 2001
Customers of our Singapore Branch
Additional rights for customers of our Singapore Branch are set out in the Singapore Branch Privacy Notice. You may request a copy of this Notice, or further information relating to your rights, by contacting the Singapore Data Privacy Officer (see Further Information, Section 6a).
Customers of our Tokyo Branch
Additional rights for customers of our Tokyo Branch are set out in the Commonwealth Bank of Australia, Tokyo Branch Privacy Policy Statement (PDF).
Customers of our China Branch
Additional rights for customers whose personal information will be collected, processed, stored, transmitted, disclosed and used by Commonwealth Bank of Australia in China is set out in our China Branch Privacy Notice.
Customers of our Hong Kong Branch
Additional rights for customers of our Hong Kong Branch are set out in the Commonwealth Bank of Australia, Hong Kong Branch Privacy Policy Statement (PDF), and the Hong Kong Branch Privacy Notice.
The European Union (EU) and the United Kingdom (UK) have local data protection laws, such as the EU General Data Protection Regulation (GDPR) and United Kingdom General Data Protection Regulation (UK GDPR), which give more rights to individuals located in the European Economic Area (EEA) and the UK and more obligations to organisations holding their personal information.
If you are a customer of our UK branch or our bank in Netherlands, that organisation will be a “controller” of your personal information, which means it is responsible for compliance with the GDPR or UK GDPR as applicable.
In this Appendix, “personal information” means any information relating to an identified or identifiable natural person.
Under the GDPR and UK GDPR, personal information must be processed in a lawful, fair and transparent manner. This means we must provide you with more information about how we collect, use, share and store your personal information and information about your rights in data protection law. We have set out below this information, which is in addition to certain other information provided in the Group Privacy Statement above.
If you are located in the UK or EEA and have an enquiry relating to your data protection rights, please contact myprivacyrequest@cba.com.au.
For details of what personal information we collect, please refer to Section 2 (Collection, use and sharing) above.
If we require certain information for our contract with you or because it is legally required and you do not provide this to us, we may not be able to offer you products or services, or perform our contract with you.
Special categories of personal information
Personal information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data (for example your fingerprints), or data concerning your health, sex life or sexual orientation is subject to additional requirements.
If we process this personal information about you, we will only process this with your consent or where otherwise lawfully permitted.
How long we keep your personal information
We will keep your personal information while you are a customer. We keep your personal information for only as long as we need it for the relevant purpose.
We generally keep your personal information for up to 7 years after you stop being a customer but we may keep your personal information for longer for the following purposes:
We can collect and use your personal information for the purposes noted above in Section 2 (Collection, use and sharing). We must have a valid lawful ground to process your personal information, which may be one of the following lawful grounds:
The purposes for which we use your personal information, lawful grounds we may rely upon are as follows:
Who do we share your information with?
We may share your personal information with other organisations within our Group or third parties as set out in Section 2 (Collection, use & sharing).
Profiling and automated decision making
We may use systems to make automated decisions (including profiling) based on personal information we have collected from you or obtained from other sources such as credit reporting bodies. These systems can evaluate your personal circumstances and other factors to predict risk or outcomes.
Our credit approval process relies on automated analysis of personal information provided by you in the application process, alongside that received from credit referencing agencies and fraud prevention agencies, to make the following decisions:
These automated decisions can affect the products or services we offer you. For example, we may decide not to offer all or some our products or services to you, or we may decide how much to charge you, based on credit history and other financial information about you.
You have certain rights in relation to automated decision making and profiling, which are set out below.
Sending information outside the UK/EEA
Recipients of your personal information may be located outside the UK or EEA as described in Section 2 (Collection, use & sharing).
Where we transfer your personal information outside the UK or the EEA, we will ensure that it is transferred in a manner consistent with legal requirements applicable to the information, for example:
Please contact us if you would like more information about the appropriate safeguards, including a sample copy of the standard contractual clauses, relevant to the transfer of personal information.
Your rights
You have a number of rights in relation to the personal information that we hold about you, although please note that in some cases, exceptions apply to the exercise of these rights and so you may not be able to exercise them in all situations.
You can exercise your rights by contacting myprivacyrequest@cba.com.au.
The right to be informed how personal information is processed
The right to withdraw your consent if we are relying on it to handle your personal information
The right of access to personal information
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling
The right to lodge a complaint with a supervisory authority
See the ‘Regulator Contact Details’ section below for more information.
Minors and children’s privacy
For certain services, we will seek parent or guardian consent to collect the details of children under certain ages.
Regulator contact details
The UK data protection authority is:
Information Commissioner’s Office
Wycliffe House
Wilmslow
Cheshire SK9 5AF
UK
Visit: ico.org.uk
The Netherlands Data Protection Authority is:
Autoriteit Persoonsgegevens
Prins Causlaan 60
PO Box 93374
2509 AJ DEN HAAG / The Hague
Visit: https://autoriteitpersoonsgegevens.nl/nl
For other European jurisdictions please refer to the European Commission website for details of the relevant data protection authorities.
Policy updated: 11 November 2024
During our relationship with you, we may tell you more about how we collect and handle your information – for example, when you fill in an application form or receive product terms and conditions. You should always read these documents carefully.
Sometimes we update our Statement. You can always find the most up-to-date version on our website.