Important update:

Introducing new settlement cycles in the US, Canadian and Mexican markets.

Privacy policy

Privacy Policy

October 2023

We respect your personal information, and this Privacy Policy explains how we handle it. The Policy covers JBWere Limited (JBWere) ABN 68 137 978 360 AFSL 341162 and Invia Custodian Pty Ltd (Invia) ABN 33 006 127 984 AFSL 247082, and makes reference to National Australia Bank Ltd ABN 12 004 044 937 AFSL 230686 and all its related companies (the ‘Group’) which include banking, financing, funds management, financial planning, superannuation, insurance, broking and e-commerce organisations.

General information 

The types of information that we collect and hold about you could include: 

  • ID information such as your name, postal or email address, telephone numbers, and date of birth; 
  • other contact details such as social media handles; 
  • financial details such as your tax file number; 
  • health information; 
  • device information, such as which browser you use, your operating system language and how you use your device; 
  • your location or activity including IP address and geolocation data based on the GPS of your mobile device (when accessing our services), and whether you’ve accessed third party sites; 
  • credit information such as details relating to credit history, credit capacity, and eligibility for credit; and 
  • other information we think is necessary to provide services to you. 

Over the course of our relationship with you, we may collect and hold additional personal information about you, including transactional or account information, and records about complaints or enquiries about your product or service. 


If you apply for employment with us, our collection and processing of your personal information is governed by separate privacy terms that you can find hyperlinked on the NAB Group recruitment page. 

Sensitive information 

Sometimes we need to collect sensitive information¹ about you. This could include things like health information, professional associations or other personal data. Unless required by law, we will always do this with your consent.  

1 Sensitive information is information about a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trace association or trade union, sexual preferences or practices, criminal record, health information, genetic or biometric information.  

We may seek your personal information because we are required by law or authorised to collect it. There are laws that affect financial institutions, including company and tax law, which require us to collect personal information. For example, we may require personal information to verify your identity under Commonwealth anti-money laundering laws.

We recognise the importance of your personal information to you. Unless it’s unreasonable or impracticable, we will try to collect personal information directly from you (referred to as ‘solicited information’). For this reason, it’s important that you help us to do this and keep your contact details up-to-date. 


We may collect personal information in a number of ways. For example, we might collect your information when you fill out a form with us, use our website, speak with us on the telephone or drop into one of our offices. We find using electronic means, such as email or SMS, a convenient way to communicate with you and to verify your details. However, we’ll never ask you for your security details via email or other electronic communication – if you are ever unsure, just contact us using the details on our website. 


Sometimes it may be necessary for us to collect your information from other sources. Instances of when we may need to include where we: 

  • can’t get hold of you, so we may need to look to publicly available information to update your contact details; 
  • require additional information for customer authentication or identify verification purposes;  
  • are required to investigate fraud; 
  • require information from third parties to provide you with services; and 
  • exchange information with your representatives at your request such as your accountant and legal advisors. 

We may combine information that we hold about you with information appropriately collected from external sources such as those described above. 


We may do this so in order to gain insights about you so that we can serve you better. This includes being able to better understand your preferences and interests, personalise your experience, enhance the products and services that you receive, and to tell you about products and services that may be of interest to you.  

When you use our website (or other Group websites) we may collect information about your location or activity including IP address, telephone number and whether you have accessed a third-party website. If you use our internet site or client portal, we monitor your use of those online interactions. This is done to ensure we can verify you and you can receive information from us, to identify ways we can improve our services for you, and to understand you better. Some of this website or application information is collected using cookies. For information on how we use cookies and tracking tags see 


We may also collect information about you when you interact with us through social media channels. For all confidential matters, please interact with us via private messaging if you wish to use social media, or by another private channel. 


Much of data collection referenced is this section is done through the use of cookies. This information is used to improve our services and enhance online user experience (e.g. website statistics), and does not identify individual customers but does identify the specific internet browser used. Where we do identify you (such as if you log into online services), we will treat any of the above data that is linked to you in accordance with this policy and all applicable privacy law. 

You do not have to provide us with your personal information. However, this may prevent us from being able to provide services to you. If you don’t provide your personal information to us, we may not be able to: 

  • provide you with the product or service you want; 
  • manage or administer your product or service; 
  • verify your identity or protect against fraud; or 
  • let you know about other products or services from across the Group that might better meet your financial, e-commerce and lifestyle needs. 

Because we are part of a large organisation, people may share information with us we haven’t sought out (referred to as ‘unsolicited information’). Where we receive unsolicited personal information about you, we will check whether the information is reasonably necessary for our functions or activities, and whether we are permitted (or required) to retain it. If so, we’ll handle this information the same way we do with other information we seek from you. If not, we’ll ensure we do the right thing and destroy, de-identify or otherwise make it inaccessible. 

When we receive personal information from you directly, we’ll take reasonable steps to notify you how and why we collected your information, who we may disclose it to and outline how you can access it, seek correction of it or make a complaint. 


Sometimes we collect your personal information from third parties. You may not be aware that we have done so. If we collect information that can be used to identify you, we will take reasonable steps to notify you of that collection. Information about this can be found at 

We store information in different ways, including in paper and electronic form. The security of your personal information is important to us and we take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. Some of the ways we do this are: 

  • implementing robust confidentiality and data security requirements and periodic mandatory privacy training for our employees; 
  • maintaining document storage and data security policies; 
  • embedding other security policies, processes and measures to control access to our systems and premises; 
  • taking reasonable steps to ensure access to personal information is only provided to authorised persons; 
  • ensuring third parties we appoint as our contractors or agents, including those located overseas, meet the Group’s privacy policies and obligations; 
  • using up-to-date electronic security systems, such as firewalls and data encryption on our websites. 

We may store personal information physically or electronically with third party data storage providers. Where we do this, we use contractual arrangements and other measures to ensure those providers take appropriate measures to protect that information from unauthorised access, use or disclosure. 

We’ll only keep your information for as long as we require it for the purposes outlined in this Policy.  We’re also required to keep some of your information for certain periods of time under law, such as the Corporations Act, Anti-Money Laundering & Counter-Terrorism Financing Act, and the Financial Transaction Reports Act. When we no longer need your information, we’ll ensure that your information is destroyed, de-identified or rendered inaccessible. 

What are the main reasons we collect, hold and use your information? 

Because we offer a range of services and products, collecting your personal information allows us to provide you with the products and services you’ve asked for. This means we can use your information to: 

  • provide you with information about products and services; 
  • consider your request for products and services, including your eligibility; 
  • process your application and provide you with products and services;  
  • identify you or verify your authority to act on behalf of a client;  
  • administer products and services which includes answering your requests and complaints, varying products and services, taking any required legal action in relation to our accounts and managing our relevant product portfolios;  
  • identify opportunities to improve our products and services and to improve our service to you;  
  • comply with our obligations under applicable laws, regulations and codes; 
  • telling you about other products or services that may be of interest to you, or running competitions and other promotions (this can be via email, telephone, SMS, mail, or any other electronic means including via social networking forums), unless you tell us not to (which you can do at anytime); 
  • assisting in arrangements with other organisations (such as loyalty partners) in relation to a product or service; 
  • to achieve any purpose which you have requested or given your consent for; 
  • allowing us to run our business and perform administrative and operational tasks, such as: 
  • training staff; 
  • developing and marketing products and services; 
  • risk management; 
  • systems development and testing, including our website and other online channels; 
  • undertaking planning, research and statistical analysis; 
  • determining whether a beneficiary will be paid a benefit; and 
  • preventing or investigating any fraud or crime, including any suspected fraud or crime. 

Can we use your information for marketing our products and services? 

We may use or disclose your personal information to let you know about products and services from across the Group that we believe may be of interest to you. We will not do this if you unsubscribe or otherwise advise us not to. 


Such marketing activities may be via email, telephone, SMS, iM, mail, or any other electronic means. We may also market our products to you through third party channels (such as social networking sites), or based on your use of Group programs. We will always let you know that you can opt out from receiving our third party or Group program marketing offers.  


Where we market to prospective customers, we are happy to let them know how we obtained their information and will provide easy to follow opt-outs. 


With your consent, we may disclose your personal information to third parties such as brokers or agents, or for the purpose of connecting you with other businesses or customers. You can ask us not to do this at any time.  

Yes, You Can Opt-Out 

You can let us know at any time if you no longer wish to receive direct marketing offers from the Group. We will process your request as soon as practicable. 


Where you have subscribed to something specific (like a newsletter) and you no longer wish to receive it, please click the unsubscribe link included with the email. 

To make sure we can meet your specific needs and for the purposes described in ‘How we use your personal information’, we sometimes need to share your personal information with others.  

Sharing with the Group 

We may share your personal information with other Group members. This could depend on the product or service you have applied for and the Group member you are dealing with. 

Sharing with your representatives 

We might also need to share your personal information with your representative or any person acting on your behalf (for example, financial advisors, lawyers, settlement agents, accountants, executors, administrators, trustees, guardians or auditors). 

Sharing with third parties 

There are times when we need to disclose your personal information to third parties outside of the Group, including: 

  • authorised representatives of the Group who sell products or services on our behalf; 
  • those involved in managing or administering your product or service; 
  • superannuation and managed funds organisations, and their advisors; 
  • brokers or referrers who refer your business to us; 
  • other financial institutions, such as banks; 
  • fraud reporting agencies (including organisations that assist with fraud investigations to identify, investigate and/or prevent any fraud, suspected fraud, crime, suspected crime or misconduct or a serious nature); 
  • government or regulatory bodies (including ASIC and the Australian Tax Office) as required or authorised by law (in some instances these bodies may share it with relevant foreign authorities); 
  • our accountants, auditors, lawyers and external advisors; 
  • organisations that maintain, review and develop our business systems, procedures and technology infrastructure, including testing or upgrading our computer systems; 
  • payment system operators who manage our payments systems including merchants, payment organisations, card and cheque book production and statement production; 
  • our joint venture partners that conduct business with us; 
  • organisations involved in a corporate re-organisation or transfer of Group assets or business; 
  • organisations that assist with our product planning, research and development; 
  • mailing houses and telemarketing agencies who assist us to communicate with you; 
  • other organisations involved in our normal business practices, including our agents and contractors; and 
  • where you have given your consent or at your request, including to your representatives, advisors, translators or (if you are experiencing vulnerability) other nominated assistance parties. 

Sharing outside of Australia 

We run our business in Australia, however we may from time to time engage with third parties overseas in providing our services to you, including in India. Where we are obliged to provide information overseas we might need to ask you before this happens. For example some nations have enacted laws to prevent tax evasion by their citizens or permanent residents, requiring us to report certain financial information to relevant overseas taxation bodies. 


The Group runs its business in Australia and overseas, and may share information with organisations outside Australia. You can view a list of countries the Group discloses personal information to at


We may store your information in cloud or other types of networked or electronic storage. If your information is stored in this way, disclosures may occur in countries different to those listed. 


If your personal information is shared with organisations outside Australia, those organisations may be required to disclose that information under a foreign law. In such circumstances, we will not be responsible for that further disclosure. 

We‘ll always give you access to your personal information unless there are certain legal reasons why we can’t. You can ask us to access your personal information that we hold by contacting your JBWere Adviser or JBWere’s Privacy Officer. 


We will give you access to your information in the form you want it where it’s reasonable and practical. We may charge you a small fee to cover our costs when giving you access, but we’ll always check with you first. 


The privacy law permits an organisation to deny a request for personal information in certain circumstances such as where giving access to the requesting individual would unfairly impact the privacy of others. If we validly deny your access request, we will tell you why in writing.  

Please contact us if your contact details change or if you think we hold incorrect information about you. Where we agree that the information needs to be corrected, we will update it. If we do not agree, you can request that we make a record of your correction request with the relevant information. 


If you are worried that we have given incorrect information to others, you can ask us to tell them about the correction. We’ll try and help where we can - if we can’t, then we’ll let you know in writing. 

How do you generally make a complaint? 

If you have a complaint about how we have handled your personal information, please tell us about it. View our complaints management process.  


You can get in contact with us by: 

  • Contacting your JBWere Advisor;  
  • Contacting the Investor Services Team on 1800 812 267; or 
  • Writing to:
    Privacy Officer
    JBWere Limited
    GPO 4370
    Melbourne VIC 3001 

We will acknowledge your complaint as soon as we can after we receive it, and will aim to resolve the matter quickly and fairly within 30 days. 

Need more help? 

If you still feel your issue hasn't been resolved to your satisfaction, then you can raise your concern with: 


Office of the Australian Information Commissioner (OAIC)


Phone: 1300 363 992 


Fax: +61 2 9284 9666 

Mail: GPO Box 5218 Sydney NSW 2001 or GPO Box 2999 Canberra ACT 2601 


Australian Financial Complaints Authority (AFCA) 


Phone: 1800 931 678 (free call) 


Mail: GPO Box 3, Melbourne, VIC, 3001

What if you want to interact with us anonymously or use a pseudonym? 

If you have general enquiry type questions, you can choose to do this anonymously or use a pseudonym. We might not always be able to interact with you this way however as we are often governed by strict regulations that require us to know who we’re dealing with. In general, we won’t be able to deal with you anonymously or where you are using a pseudonym when: 

  • it is impracticable; or 
  • we are required or authorised by law or a court/tribunal order to deal with you personally. 

What do we do with government-related identifiers? 

In certain circumstances we may be required to collect government-related identifiers such as your tax file number. We will not use or disclose this information unless we are authorised by law. 

Changes to this Privacy Policy 

This Policy may change. We will let you know of any changes to this Policy by posting a notification on our website.  

More Information 

Please refer to the NAB Group Privacy Policy for more information about how Privacy is managed within the Group.