Legal Notes Credit Suisse Australia Privacy and Credit Reporting Policy
We respect your privacy. Please read this policy carefully so that you can understand how we collect and use the personal and credit information that you provide to us.
This policy is intended to help you understand how Credit Suisse manages the personal and credit information about you that we collect, hold, use and disclose, how you can seek access to and correction of that information and, if necessary, how you can make a complaint relating to our handling of that information.
We are serious about our responsibility to protect your personal and credit information and manage it consistently with the Privacy Act and Credit Reporting Code. Credit Suisse in Australia, which includes Credit Suisse AG; Credit Suisse Investment Services (Australia) Limited; Credit Suisse Equities (Australia) Limited, Credit Suisse (Australia) Limited and any other Credit Suisse entity carrying on business in Australia, is committed to maintaining the privacy of our clients. Unless stated otherwise, this policy is relevant to the personal and credit information of both our current and former clients, as well as other individuals we may deal with (for example, guarantors, directors and shareholders relating to our clients, or individuals we deal with in other capacities as part of our business).
This policy also includes our credit reporting policy, it covers additional information on how we manage your personal information collected in connection with a credit application or a credit facility. We refer to this credit-related information in this policy as credit information.
The personal information we collect and how we do so will vary based on why we are collecting the information, for example, if you are a client it will depend on the product or service we are providing. Information we collect may include:
- Information collected on application forms, questionnaires or other documentation or communications, such as your name, date of birth, residential and business addresses, telephone numbers, email and other electronic addresses, occupation, assets, expense, income, dependents and details about your business dealings and other events in your life;
- Information about your transactions and products with us, our affiliates, or third parties, such as account balances, payment history and details about account activity and product use;
- Sensitive information, including professional associations (e.g. you provide to us so that we can conduct an investment suitability assessment); membership of political associations or health information (e.g. health information you may provide to us if you make a hardship application in connection with a loan). Unless required by law, we will only collect sensitive information with your consent;
- Government identifiers such as your tax file number, driving license number, ABN or passport number (for example, to verify your identity at the time you request a product or service); and
- Other information we think is necessary to your relationship with us such as the name and contact details of your professional advisers or representatives such as your solicitor, accountant; your referees or guarantors within credit applications you provide to us; information contained in identity documents that you may provide to us (such as the names of your parents and siblings in your birth certificate);
We usually collect your personal information directly from you but sometimes we may need to collect personal information about you from third parties or publicly available records for example, we may use internet search engines, white pages, internet articles and social media when it is necessary for a specific purpose such as checking information that you have given us or where you have consented or would reasonably expect us to collect your personal information in this way.
Where you deal with us via an agent or attorney we will also collect their personal information before we deal with them.
When we check your credit worthiness and at other times we may collect information about you from and give information about you to Credit Reporting Bodies (CRBs). This information may include:
- Your current and prior names and addresses, date of birth, gender, the name of your employer) and your driver’s licence number;
- That you have applied for consumer or commercial credit (including the name of each relevant credit provider), the type and amount of that credit and the fact we have accessed your consumer credit information to assess a relevant application;
- That we and other credit providers are or have been a provider of credit to you and the type, certain terms that relate to repayment and maximum amount of credit that we have provided or will provide;
- The date that any credit contract we or other credit providers have or had with you was entered into and the date that it is terminated or otherwise ceases;
- Your repayment history i.e. whether in relation to credit facilities provided by us or other credit providers, you have made payments when due and if not when overdue payments have been made;
- Court proceedings information, personal insolvency information and credit-related publicly available information;
- Payments owed to us or another credit provider, in connection with credit provided to you or in relation to which you are a guarantor, overdue for more than 60 days (and, if you subsequently repay any such overdue payment, the fact of that repayment);
- Whether in our or another credit provider’s opinion you have committed a serious credit infringement;
- Whether you have entered into arrangements with us or other credit providers in connection with credit provided to you;
Our scores, ratings, summaries, evaluations and other information relating to your credit worthiness are derived by us or by CRBs wholly or partly on the basis of the information above.
While the Privacy Act uses a variety of terms to refer to the information above, to make it easier to read this policy, we refer to it collectively as “credit information”.
We usually collect your personal and credit information directly from you but sometimes we may need to collect personal and credit information about you from third parties.
We collect credit information from details included in your loan application and we may also collect credit information from CRBs; other credit providers; your co-loan applicants or co-borrowers; your guarantors/proposed guarantors; your employer, accountant, real estate agent or other referees; your agents and other representatives like your referrers, brokers, solicitors, conveyancers and settlement agents; organisations that help us to process credit applications such as mortgage managers; organisations that check the security you are offering such as valuers; organisations providing lenders mortgage insurance and title insurance to us; bodies that issue identification documents to help us check your identity; and our service providers involved in helping us to provide credit or to administer credit products, including our debt collectors and our legal advisers.
Your personal and credit information may be held in physical or electronic form on our systems or the systems of our service providers and is protected by physical, electronic and procedural safeguards. We apply a need to know/need to have policy which means that individuals are only given access to the information that they require in order to perform their duties. We also require our service providers to follow appropriate standards of confidentiality and security when holding and processing your information
If you do not provide your personal information we may not be able to open an account for you; provide financial products and services; manage or administer your products or services; protect against fraud or let you know about other products or services that are available.
We will collect personal information from you that is reasonably necessary for our business functions and activities. Typically we collect, use and disclose your personal information for the following purposes:
- To process applications or requests for our products or services (including verifying a person’s identity for these purposes);
- To respond to inquiries about applications, accounts or other products, services or arrangements including varying products and services and answering your requests and complaints;
- To administer; maintain, manage and operate our products and services or other relationships and arrangements, including processing receipts, payments and invoices and performing any functions and activities related to the products and/or services provided by us including, to audit, report (including analyses and materials and information generally in relation to investments and markets), conduct market research, and carry out general servicing and maintenance of online and other services and to update your information on your request or otherwise;
- To detect and prevent fraud and other risks to us and our clients and assess insurance risks and claims by conducting identity, credit, money laundering and conflict checks (including consideration of information regarding political affiliations and criminal offences committed or alleged to have been committed);
- To promote our goods and services and those of related Credit Suisse companies overseas through direct marketing and to research, develop and design products and services to meet our client needs;
- To maintain and develop our systems and infrastructure (including undertaking testing);
- To introduce or cross-refer our clients to affiliated companies wherever situated within Credit Suisse and allowing our affiliates and selected companies to promote their products and services to you;
- To enforce our rights, including undertaking debt collection activities and legal proceedings.
- To meet legal and regulatory requirements. We may need to collect and/or disclose your personal information in order to comply with obligations under different Australian and international laws. Such laws include the National Consumer Credit Protection Act (e.g. to comply with responsible lending requirements), the Anti-Money Laundering and Counter-Terrorism Financing Act (e.g. to comply with identity verification requirements), the Personal Property Securities Act and State and Territory real property and security interests laws (e.g. to register and search for security interests), the Banking Act, the Financial Sector (Collection of Data) Act, the Corporations Act and other regulatory legislation (e.g. requiring us to maintain client and transaction records, to provide information relating to your deposits and loans to APRA for prudential and monitoring purposes and to make reports and provide other information to regulators such as ASIC) and the Tax Laws Amendment (Implementation of the Common Reporting Standard) Act 2016 (e.g. requiring us to report to the ATO financial account information on non-residents), the Taxation Administration Act, the Income Tax Assessment Act and other taxation laws (e.g. to comply with information requests issued by the Commissioner of Taxation) and Chapter 4 of Subtitle A of the United States Internal Revenue Code of 1986 as amended or supplement from time to time (“FATCA”) (e.g. requiring us to establish whether you are a citizen of the United States, resident of the United States for its federal income tax purposes or otherwise subject to tax in the United States and/or to substantiate whether your account has US status for the purposes of FATCA);
If you are applying for credit or you have obtained credit from us or if you guarantee or are considering guaranteeing the obligations of another person to us or you are a director of a company that is a loan applicant or borrower or guarantor we may collect, use and disclose your credit information for purposes including:
- To form decisions as to whether to provide you, or an entity associated with you, with credit or to accept you as a guarantor;
- To derive scores (a calculation that lets us know how likely you will repay the credit we make available to you), ratings, summaries and evaluations relating to your credit worthiness which are used in our decision-making processes and ongoing reviews;
- To manage credit we may provide, including to determine whether you are eligible to receive particular offers and invitations, to deal with our mortgage insurers and to develop our services and maintain and develop our systems and infrastructure;
- To participate in the credit reporting system and providing information to CRBs as permitted by Part IIIA of the Privacy Act and the Credit Reporting Code;
- To assist you to avoid defaulting on your credit-related obligations;
- To undertake debt recovery and enforcement activities including in relation to guarantors and to deal with serious credit infringements;
- To deal with complaints and to assist other credit providers to do the same; and
- To meet legal and regulatory requirements.
We receive services from other Credit Suisse companies and external service providers, some of which may be located outside of Australia (see the additional section below titled "Overseas Disclosures" for more information), and your information may be provided to them for this purpose. We may also disclose your personal information to other Credit Suisse entities and to third parties for the purposes listed above.
Third parties to whom we disclose your personal information may include:
- Our related Credit Suisse companies in Australia and overseas and joint venture partners that conduct business with us;
- Any person to whom disclosure of your personal information is necessary in order for us to validly provide, manage, administer and/or enforce any services or transactions requested or authorized by you including:
- administrative service providers, such as mailing houses, printers and call centre operators;
- custodian; registry and agents or brokers to whom we delegate any of our duties, functions or obligations under any of our agreements with you;
- any person with whom we enter into any contractual or other arrangement in relation to any of the services and facilities we provide or propose to provide to you including any guarantors, sureties, third party security providers and/or third party service providers
- participants in financial and payment systems, such as other banks, credit providers and clearing entities;
- organisations that maintain, review and develop our business systems, procedures and technology infrastructure, including testing or upgrading our computer systems
- Legal, audit, settlement and valuation and any other professional service providers under a duty of confidentiality to us;
- Data processing and market research service providers who provide marketing, market research, or other related services to us in connection with the development and promotion of our business;
- Regulatory bodies in Australia and overseas including ASX Limited (ASX and ASX 24) where required under the ASX Operating Rules. ASX Limited may use your personal information for its own purposes including in the course of compliance activities;
- Financial and other advisors, brokers and distributors who provide introducing services to us or to whom we provide introductions or referrals;
- Insurers, assessors and underwriters;
- Your guarantors and security providers;
- Debt collectors or any person in connection with any claims involving you in respect of any products and/or services provided by us;
- Government or regulatory bodies (including ASIC and the ATO) as required or authorized by law (in some instances these bodies may share information with relevant foreign authorities);
- Fraud reporting agencies (including organisations that assist with fraud investigations and organisations established to identify, investigate and/or prevent any fraud, suspected fraud, crime, suspected crime or misconduct of a serious nature);
- Organisations wishing to acquire an interest in any part of our business from time to time;
- Any person to whom we are under an obligation to make disclosure under the requirements of any law, rules, regulations, codes of practice, guidelines or voluntary arrangements binding on us including, any applicable regulators, governmental bodies or industry recognized bodies such as future exchanges, fiscal and monetary authorities, securities exchanges (all of which may be within or outside of Australia) and where otherwise required by law, including, without limitation , to any tax authority of any jurisdiction (including but not limited to the United States Internal Revenue Service) for the purposes specified above (including but not limited to the compliance with FATCA), or where we have reason to believe you may be a resident for tax purposes, citizen or otherwise subject to tax.
We may disclose your credit information to CRBs for purposes such as those described above where the Privacy Act permits us to do so or where required or authorized by law. For example, if you fail to meet your payment obligations in relation to consumer credit provided by us or if you commit a serious credit infringement we may be entitled to disclose this to CRBs. Some of that information may reflect adversely on your credit worthiness.
CRBs may include credit information provided by us in reports provided to credit providers to assist them to assess your credit worthiness.
We share credit information with the following CRBs:
Attn: Public Access Centre
PO Box 7083
Sydney NSW 2001
1300 734 806
Veda Advantage Information Services and Solutions Limited
Attn: Public Access Centre
PO Box 964
North Sydney NSW 2059
1300 850 211
Opting out of direct marketing pre-screenings
A CRB may use your credit reporting information to assist a credit provider to market to you by pre-screening you for direct marketing by the credit provider. This process is known as a “pre-screening”. If you do not want the CRB listed above to use your information for the purpose of pre-screening, you have the right under the Privacy Act to request that they exclude you by contacting them.
If you are a victim of fraud (including identity-related fraud)
You are entitled under the Privacy Act to request that a CRB not use or disclose credit reporting information they hold about you in circumstances where you reasonably believe that you have been or are likely to be a victim of fraud, including identity-related fraud. The period while this applies is called a “ban period”. You can make such a request to the CRB listed above.
We may as permitted by law also share credit information with third parties, including:
- Other credit providers;
- Our related companies;
- Organisations that perform credit assessment, management and debt collection activities on our behalf;
- Current or prospective guarantors or security providers in relation to credit we are providing to you;
- Mortgage insurers;
- Organisations involved in debt assignment;
- Our external dispute resolution scheme.
In some circumstances we may require your consent before being able to make such disclosures.
Credit Suisse is a global organization. As such, some of the above recipients of personal or credit information may be located outside of Australia. It is not reasonably practicable to list all of the countries to which your information may be transmitted from time to time but it is likely that such countries will include countries in which Credit Suisse has offices in globally or to countries in which you are tax resident. A list of those countries is available through the Australia drop down link next to the client login on the Credit Suisse website at www.credit-suisse.com.au and include India, Singapore, Hong Kong, Switzerland, Poland United States, United Kingdom, Korea and Japan.
We may store your information in various types of networked or electronic storage (including cloud). As these storage methods can be accessed from various countries via an internet connection it is not always practicable to know in which country your information may be held. If your information is stored in this way, disclosures may occur in countries other than those listed.
Overseas locations include jurisdictions which do not have data protection laws or laws that provide the same level of protection as Australia and in which you may not be able to seek redress if the overseas recipient handles your information in breach of the Australian Privacy Principles.
Whether processed in Australia or overseas, in addition to any applicable data protection legislation, your information will be protected by data protection controls which all members of the Credit Suisse Group, their staff and third parties, with whom Credit Suisse has entered into a written contract are subject to. As a result, if you provide personal or credit information to Credit Suisse you consent to the disclosure of the information offshore and acknowledge that we will not take further steps to ensure that overseas recipients do not breach the Australian Privacy Principles under the Privacy Act.
Overseas organisations may be required to disclose information we share with them under a foreign law.
We will not share your credit information with a CRB, unless it has a business operation in Australia.
We are not likely to share credit information we obtain from a CRB or that we derive from that information with third parties unless they have business operations in Australia. We will, however, share credit information with our related companies. We are likely to share other credit information with organisations outside of Australia for the limited purposes of managing your credit information or for debt collection. When we do so, we remain responsible for that disclosure and will ensure that your credit information is handled according to the requirements under the Part IIIA of the Privacy Act.
You have the right to access information we hold about you by contacting our Privacy Officer whose contact details can be found below. We will endeavour to respond within 30 days and there is no charge for making such a request.
However to help us locate and provide the information you request we need you to be reasonably specific about the information you require and we will need to validate your identity (to ensure that we do not provide your information to anyone who does not have the right to that information).
There are some exceptions to your right of access to your personal information, factors affecting a right to access include where:
- Denying access is required or authorized by or under an Australian law or a court/tribunal order;
- Access would prejudice enforcement activities or the taking of appropriate action in relation to unlawful activity or serious misconduct;
- The information relates to existing or anticipated legal proceedings between you and Credit Suisse and would not be accessible by the process of discovery
- The information would prejudice negotiations with you
- Access would have an unreasonable impact on the privacy of others
- The information relates to a commercial sensitive decision making process
- Access would be unlawful;
- The request for access is frivolous or vexatious
- We reasonably believe that access would pose a serious threat to the life, health or safety of an individual, or to public health or public safety.
We are not required to give you access to your credit information if:
- Access would be unlawful;
- Denying access is required or authorized by or under an Australian law or a court/tribunal order; or
- Access would prejudice enforcement activities.
Under the Privacy Act you have the right to request that we correct information that we hold about you. If you would like to do so please contact the Privacy Officer using the contact details below.
We will normally try to resolve correction requests within 30 days of your making a request. If we need more time to resolve your request we will notify you in writing as to the delay and seek your agreement to a longer period. If we consider it necessary in order to deal with your request we may consult with a CRB or another credit provider. If we do not agree with a request to correct information we will give you notice in writing as to our reasons including evidence substantiating the correctness of that information and the mechanisms available to you to complain about our decision.
There is no cost involved for you to make a correction request or for the correction of your information.
We may use your personal information for the purposes of marketing our products and services. You can opt out of receiving direct marketing material at any time by contacting us (see “contacting us” below). If you do opt out, we will continue to provide information in relation to your existing accounts or facilities only (including new features or products related to these accounts/facilities).
Yes, we may monitor and record your calls for purposes including compliance and service quality control.
If you have general questions you can choose to ask us anonymously or use a pseudonym but we may not always be able to interact with you this way as we are often required by strict regulations to know who we are dealing with. Generally we will not be able to deal with you anonymously or where you are using a pseudonym when it is impracticable or where we are required or authorized by law or a court/tribunal order to deal with you personally.
If you believe that we have not complied with the Privacy Act or the Credit Reporting Code in relation to your personal information please raise this in writing with the Privacy Officer.
If your complaint is in relation to your credit information held by us, we will acknowledge your complaint within 7 days.
We will investigate all complaints and aim to resolve them within 30 days. If we cannot resolve your complaint within this period we will notify you as to the reasons why, specify a date when we expect a resolution and seek your agreement to extend this 30 day period (if you do not agree, we may then not be able to resolve your complaint).
If your complaint relates to credit information and we consider it necessary in order to deal with your complaint, we may consult with a CRB or another credit provider. If, while the complaint remains unresolved, we are disclosing information subject to the complaint to a third party, we may advise the third party about the complaint.
If we fail to deal with your complaint to your satisfaction you may refer the complaint to the Australian Financial Complaints Authority ("AFCA") which is Credit Suisse AG’s External Dispute Resolution scheme. You can contact AFCA at:
You also have the right to make a complaint to the Office of the Australian Information Commissioner in relation to both personal information and credit information.
Credit Suisse Privacy Officer
Level 31, Gateway Building
Sydney NSW 2000
Telephone: 612 8205 4400
Please do not include CIF numbers, account numbers or other sensitive information in emails because it may not be secure.
We may make changes to this policy from time to time without notice, via uploading an updated version of the policy on our website. This policy was last updated November 2018.