Skip to Content

Privacy Policy

12 March 2014

We respect your personal information, and this Privacy Policy explains how we handle it. The Policy covers JBWere Limited (JBWere) ABN 68 137 978 360 AFSL 341162 and Invia Custodian Pty Ltd (Invia) ABN 33 006 127 984 AFSL 247082, and makes reference to National Australia Bank Ltd ABN 12 004 044 937 AFSL 230686 and all its related companies (the ‘Group’) which include banking, financing, funds management, financial planning, superannuation, insurance, broking and e-commerce organisations.

What personal information do we collect and hold?

General information
The types of information that we collect and hold about you could include:

  • ID information such as your name, postal or email address, telephone numbers, and date of birth;
  • other contact details such as social media handles;
  • financial details such as your tax file number;
  • health information;
  • credit information such as details relating to credit history, credit capacity, and eligibility for credit; and
  • other information we think is necessary.

Sensitive information
Sometimes we need to collect sensitive information¹ about you, for instance in relation to some insurance applications. This could include things like medical checks, consultation reports or other health information. Unless required by law, we will always do this with your consent. 

When the law authorises or requires us to collect information

We may seek your personal information because we are required by law or authorised to collect it. There are laws that affect financial institutions, including company and tax law, which require us to collect personal information. For example, we may require personal information to verify your identity under Commonwealth anti-money laundering laws.

How do we collect your personal information?

We understand that your personal information needs to be looked after and isn’t something you leave lying around for just anybody to take. So unless it’s unreasonable or impracticable, we will try to collect personal information directly from you (referred to as ‘solicited information’). For this reason, it’s important that you help us to do this and keep your contact details up-to-date.

There are many ways we seek information from you. We might collect your information when you fill out a form with us, when you’ve given us a call, used our website or dropped into one of our offices. We also find using electronic means, such as email or SMS, a convenient way to communicate with you and to verify your details.

Sometimes we’ll have to collect your information from other sources; however we won’t do this if it’s not necessary. Instances of when we may need to include where:

  • we can’t get hold of you, so we may need to look to publicly available information to update your contact details; and
  • we exchange information with your representatives at your request such as your accountant and legal advisors.

What if you don’t want to provide us with your personal information?

If you don’t provide your personal information to us, we may not be able to:

  • provide you with the product or service you want;
  • manage or administer your product or service;
  • verify your identity or protect against fraud; or
  • let you know about other products or services from across the Group that might better meet your financial, e-commerce and lifestyle needs.

What do we do when we get information we didn’t ask for?

Because we are a large organisation, people may share information with us we haven’t sought out (referred to as ‘unsolicited information’). Where we receive unsolicited personal information about you, we will check whether the information is reasonably necessary for our functions or activities. If it is, we’ll handle this information the same way we do with other information we seek from you. If not, we’ll ensure we do the right thing and destroy or de-identify it.

When will we notify you that we have received your information?

When we receive personal information from you directly, we’ll take reasonable steps to notify you how and why we collected your information, who we may disclose it to and outline how you can access it, seek correction of it or make a complaint.

Sometimes we collect your personal information from third parties. You may not be aware that we have done so. If we collect information that can be used to identify you, we will take reasonable steps to notify you of that collection.

How do we take care of your personal information?

We store information in different ways, including in paper and electronic form. The security of your personal information is important to us and we take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. Some of the ways we do this are:

  • confidentiality requirements for our employees;
  • document storage security policies;
  • security measures for our systems access;
  • only giving access to personal information to requestors who are verified;
  • control access for our buildings; and
  • electronic security systems, such as firewalls and data encryption on our websites.

We can store personal information physically or electronically with third party data storage providers. Where we do this, we use contractual arrangements to ensure those providers take appropriate measures to protect the information and restrict the uses to which they can put that information.

What happens when we no longer need your information?

We’ll only keep your information for as long as we require it for our purposes.  We’re also required to keep some of your information for certain periods of time under law, such as the Corporations Act, Anti-Money Laundering & Counter-Terrorism Financing Act, and the Financial Transaction Reports Act for example. When we no longer need your information, we’ll ensure that your information is destroyed or de-identified.

How we use your personal information

What are the main reasons we collect, hold and use your information?
Because we offer a range of services and products, collecting your personal information allows us to provide you with the products and services you’ve asked for. This means we can use your information to:

  • provide you with information about products and services;
  • consider your request for products and services, including your eligibility;
  • process your application and provide you with products and services; and
  • administer products and services which includes answering your requests and complaints, varying products and services, taking any required legal action in relation to our accounts and managing our relevant product portfolios.

Can we use your information for marketing our products and services?
Given our wide organisation scope, we think we’ve learnt a lot of things along the way and we’d like to share what we know about our products with you. We may use or disclose your personal information to let you know about products and services from across the Group that might better serve your financial, e-commerce and lifestyle needs, or running competitions or promotions and other opportunities in which you may be interested. 

We may conduct these marketing activities via email, telephone, SMS, iM, mail, or any other electronic means. We may also market our products to you through third party channels (such as social networking sites), or based on your use of Group programs. We will always let you know that you can opt out from receiving our third party or Group program marketing offers. 

Where we market to prospective customers, we are happy to let them know how we obtained their information and will provide easy to follow opt-outs.

With your consent, we may disclose your personal information to third parties such as brokers or agents, or for the purpose of connecting you with other businesses or customers. You can ask us not to do this at any time. We won’t sell your personal information to any organisation outside of the Group.

Yes, You Can Opt-Out
You can let us know at any time if you no longer wish to receive direct marketing offers from the Group (see ‘Contact Us’). We will process your request as soon as practicable.

What are the other ways we use your information?

We’ve just told you some of the main reasons why we collect your information, so here’s some more insight into the ways we use your personal information for:

  • identifying you or verifying your authority to act on behalf of a client;
  • telling you about other products or services that may be of interest to you, or running competitions and other promotions (this can be via email, telephone, SMS, iM, mail, or any other electronic means including via social networking forums), unless you tell us not to (which you can do at anytime);
  • assisting in arrangements with other organisations (such as loyalty partners) in relation to a product or service;
  • allowing us to run our business and perform administrative and operational tasks, such as:

- training staff;
- developing and marketing products and services;
- risk management;
- systems development and testing, including our website and other online channels;
- undertaking planning, research and statistical analysis;
- determining whether a beneficiary will be paid a benefit;
- preventing or investigating any fraud or crime, including any suspected fraud or crime; and
- as required by law, regulation, codes or any legal reasons.

  • where you have given your consent.

Who do we share your personal information with? 

To make sure we can meet your specific needs and for the purposes described in ‘How we use your personal information’, we sometimes need to share your personal information with others. We may share your information with other organisations for any purposes for which we use your information.

Sharing with the Group
We may share your personal information with other Group members. This could depend on the product or service you have applied for and the Group member you are dealing with.

Sharing with your representatives
We might also need to share your personal information with your representative or any person acting on your behalf (for example, financial advisors, lawyers, settlement agents, accountants, executors, administrators, trustees, guardians or auditors).

Sharing with third parties
There are times when we need to disclose your personal information to third parties outside of the Group, including:

  • authorised representatives of the Group who sell products or services on our behalf;
  • those involved in managing or administering your product or service;
  • superannuation and managed funds organisations, and their advisors;
  • brokers or referrers who refer your business to us;
  • other financial institutions, such as banks;
  • fraud reporting agencies (including organisations that assist with fraud investigations to identify, investigate and/or prevent any fraud, suspected fraud, crime, suspected crime or misconduct or a serious nature);
  • government or regulatory bodies (including ASIC and the Australian Tax Office) as required or authorised by law (in some instances these bodies may share it with relevant foreign authorities);
  • our accountants, auditors, lawyers and external advisors;
  • organisations that maintain, review and develop our business systems, procedures and technology infrastructure, including testing or upgrading our computer systems;
  • payment system operators who manage our payments systems including merchants, payment organisations, card and cheque book production and statement production;
  • our joint venture partners that conduct business with us;
  • organisations involved in a corporate re-organisation or transfer of Group assets or business;
  • organisations that assist with our product planning, research and development;
  • mailing houses and telemarketing agencies who assist us to communicate with you;
  • other organisations involved in our normal business practices, including our agents and contractors; and
  • where you have given your consent.

Sharing outside of Australia
We run our business in Australia and generally we will not need to share your information with organisations outside Australia. However, where we are obliged to provide information overseas we might need to ask you before this happens. For example some nations have enacted laws to prevent tax evasion by their citizens or permanent residents, requiring us to report certain financial information to relevant overseas taxation bodies.

The Group runs its business in Australia and overseas. You can view a list of countries the Group discloses personal information to at www.nab.com.au/privacy/overseas-countries-list/.

We may store your information in cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your data may be held. If your information is stored in this way, disclosures may occur in countries different to those listed.

If your personal information is shared with organisations outside Australia, those organisations may be required to disclose that information under a foreign law. In such circumstances, we will not be responsible for that further disclosure.

How do you access your personal information?

We‘ll always give you access to your personal information unless there are certain legal reasons why we can’t. You can ask us to access your personal information that we hold by contacting your JBWere Adviser or JBWere’s Privacy Officer.

We will give you access to your information in the form you want it where it’s reasonable and practical. We may charge you a small fee to cover our costs when giving you access, but we’ll always check with you first.

We’re not always required to give you access to your personal information. Some of the situations where we don’t have to give you access include when:

  • we believe there is a threat to life or public safety;
  • there is an unreasonable impact on other individuals;
  • the request is frivolous;
  • the information wouldn’t be ordinarily accessible because of legal proceedings;
  • it would prejudice negotiations with you;
  • it would be unlawful;
  • it would jeopardise taking action against serious misconduct by you;
  • it would be likely to harm the activities of an enforcement body (e.g. the police); or
  • it would harm the confidentiality of our commercial information.

How do you correct your personal information?

Contact us if you think there is something wrong with the information we hold about you and we’ll try to correct it if it’s:

  • inaccurate;
  • out‑of‑date;
  • incomplete;
  • irrelevant; or
  • misleading.

If you are worried that we have given incorrect information to others, you can ask us to tell them about the correction. We’ll try and help where we can - if we can’t, then we’ll let you know in writing.

How do you make a complaint?

How do you generally make a complaint?
If you have a complaint about a privacy issue, please tell us about it. You can find details on our complaints management process here. You can get in contact with us by:

  • Contacting your JBWere Advisor; 
  • Investor Services Team on 1300 366 790; or
  • Writing to:
    Privacy Officer
    JBWere Limited
    GPO 4370
    Melbourne VIC 3001

Need more help?
If you still feel your issue hasn't been resolved to your satisfaction, then you can raise your concern with the Office of the Australian Information Commissioner:

Online: www.oaic.gov.au/privacy

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

Fax: +61 2 9284 9666

Mail: GPO Box 5218 Sydney NSW 2001 or GPO Box 2999 Canberra ACT 2601

Anything else? Important things for you to know

What if you want to interact with us anonymously or use a pseudonym?
If you have general enquiry type questions, you can choose to do this anonymously or use a pseudonym. We might not always be able to interact with you this way however as we are often governed by strict regulations that require us to know who we’re dealing with. In general, we won’t be able to deal with you anonymously or where you are using a pseudonym when:

  • it is impracticable; or
  • we are required or authorised by law or a court/tribunal order to deal with you personally.

What do we do with government-related identifiers?
In certain circumstances we may be required to collect government-related identifiers such as your tax file number. We will not use or disclose this information unless we are authorised by law.

Changes to this Privacy Policy

This Policy may change. We will let you know of any changes to this Policy by posting a notification on our website. 

¹ Sensitive information is information about a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record, health information, genetic or biometric information.