10 November 2021
Customer Owned Banking Association Limited is committed to protecting your privacy and the confidentiality of your personal information.
Personal information is information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
About the Customer Owned Banking Association
Customer Owned Banking Association Limited (“COBA”) ACN 137 780 897 is a company limited by guarantee and is the industry association for the customer owned banking sector.
COBA represents Australia’s credit unions, mutual banks and building societies who are our member organisations.
COBA was formed to:
- act as a single voice for mutual financial services providers
- advocate to influence and improve the regulatory and operating environment for its members
- support its members with high quality advice and services, and
- facilitate industry events, liaison and education on relevant topics.
What information do we collect and maintain?
Personal information that we collect and hold may include your name, title, date of birth, address, email, other contact information, name of the organisation you work for, workplace location, tax file number (where allowed by law to do so) committee membership, qualifications and information about your opinions, policies, statements and writings.
We will only collect sensitive personal information about you if we have your express or implied consent or if the law otherwise permits it.
Why do we collect personal information?
We only collect, use and maintain personal information that is reasonably necessary for the performance of our legitimate functions and activities.
Generally, we collect use and maintain personal information in order to:
- enable us to contact our member organisations about matters relating to their membership;
- ensure that the services we provide and events we run are relevant to the needs of our members, including carrying out surveys and other research
- represent members and publicise to the community issues of concerns
- lobby government agencies and other relevant bodies about matters of concern to our member organisations
- identify, understand and respond to policies, ideas and opinions of our members, and
- communicate with our members and other organisations and individuals in the context of our work as an industry representative organisation.
How do we collect personal information?
We may also collect personal information from other sources such as oral sources and correspondence and other written material sent to us, as well as information from publicly available sources such as newspapers, electronic media, records of proceedings and public registers.
If you purchase a product or service from COBA using a credit card, your credit card information is used to process the payment. Credit card details are not stored and our database only records that you purchased a product or service and how much you paid for it. We will protect the security your credit card details by using SSL encryption technology when processing your payment.
How do we use and disclose your personal information?
We will use and disclose your personal information for the primary purpose for which it was collected. We may also use and disclose your personal information for related or ancillary purposes (such as invoicing, sending invitations to seminars and other events, market research, and to improve our service and communications).
We may disclose personal information to:
- our member organisations
- those organisations as required or authorised by law
- your representatives, including your legal advisers
- our representatives, such as our legal advisers
- service providers such as printers and posting services and organisations involved in the provision and maintenance of our business systems and infrastructure, and
- those organisations where you have given your consent.
We do not disclose personal information we collect to third parties for the purpose of allowing them to direct market their products and services.
Where your personal information is disclosed, we will seek to ensure that the information is held, used or disclosed consistently with the Australian Privacy Principles and other applicable laws and codes.
How do we store and protect your personal information?
We store your personal information in a number of ways including:
- in computer systems or databases including cloud storage; and
- in hard copy or paper files.
This may include storage on our behalf by trusted third party service providers.
The security of your personal information is important to us and we take all reasonable precautions to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. Some of the ways we do this are:
- confidentiality requirements and internal policies for our employees
- security measures including passwords for access to our systems
- only giving access to personal information to a person who is verified to be able to receive that information
- having confidential face-to-face discussions between you and us in a secure environment
- control of access to our buildings, and
- electronic security systems, such as firewalls, virus software and data encryption on our websites.
Whilst we take all reasonable measures, no data transmission over the internet can be guaranteed to be totally secure.
To assist us we expect you to take appropriate steps to ensure security of your information including keeping your passwords confidential and logging out properly when you leave your computer.
COBA will delete from its records personal information that is no longer required. We will ensure that deletion of information is carried out securely.
Do we disclose your personal information to third parties?
We may disclose your personal information to third parties where they help us with our business, or you consent to do so.
Where your personal information is disclosed to third parties, we will seek to ensure that the information is held, used or disclosed consistently with the Australian Privacy Principles in Part IIIA of the Privacy Act 1988.
Types of third parties include:
- parties involved in providing, managing or administering your services and assisting us with our business such as third-party suppliers, printers, bulk mail services, database providers, market research companies, authorised representatives and our legal, tax, audit and accountancy advisers; and
- parties maintaining, reviewing and developing our business systems, procedures and infrastructure including updating and maintaining our data or upgrading our computer systems;
We may also disclose your personal information to third parties in circumstances where:
- we must fulfil our legal obligations (for example, disclosure to Australian (and international) enforcement bodies such as the Australian Securities and Investments Commission (ASIC), the Australian Taxation Office (ATO), the Australian Transaction Reports and Analysis Centre (AUSTRAC), Centrelink or the Courts)
- it is in the public interest (that is, to protect our interests or where we have a duty to the public to disclose, or where it is necessary in proceedings before a court or tribunal), where we reasonably consider it to be in your interests or where a crime or fraud is committed or is suspected;
- it is for the purposes of preventing or managing the risks associated with a communicable disease (for example, COVID-19). In these circumstances, personal information (including sensitive information) may be used or disclosed for these purposes including tracing individuals, notifying individuals who may have been exposed and advising relevant Government authorities and agencies;
- it can be reasonably inferred from the circumstances that you consent to your personal information being disclosed to a third party; or
- we are permitted or compelled by law to disclose the information.
Your personal information may be sent outside Australia where, for example, we outsource a function or service to a third party with whom we have a contractual arrangement.
We will not send your personal information outside Australia unless it is authorised by law and we are satisfied that the recipient of the personal information has adequate data protection arrangements in place. Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.
The countries to which we are likely to disclose your personal information include the US.
How can you access and amend your personal information?
You may request access to your personal information held by COBA. You may also request that your personal information be updated or corrected.
If we hold information about you that you are legally entitled to access, we will provide you with that information on request within a reasonable period of time, if we are able to do so. There are some exceptions to our general obligation to give you access to your personal information held by us, for instance, if it would be unlawful for us to do so, or if your request is frivolous or vexatious, or if the information is relevant to a legal dispute, and in some other circumstances.
COBA will also take reasonable steps to correct your personal information held by us to ensure that that information is accurate, complete and up to date.
You can request access to your personal information, or that your personal information be updated or corrected, by writing to us at the address provided below (see contact details).
Complaints about privacy
If you have a complaint about how we have handled your personal information, please contact us in writing (see contact details below). We will acknowledge your complaint promptly, either verbally or in writing and do our best to resolve it straight away. We aim to resolve all complaints within 21 days of receipt of the complaint by COBA, however in some cases it may take up to 30 days. Your complaint may take a little longer to assess if we need more information or if your complaint is complex. In all cases we’ll keep you updated on the progress.
We are unable to handle or assist you with a privacy complaint involving a member organisation. If you have a privacy complaint about a member, you should contact them directly.
Further information about privacy
Further information about privacy law and your rights can be found on the Privacy Commissioner’s website.