Privacy matters to us and we know it matters to you. We take people’s privacy very seriously and it is essential to us that we look after and secure information that we collect. Our primary purpose in collecting any personal information, as defined in the Privacy Act 1988 (Cth) and referred to in section 1.3 and throughout the privacy policy, is to resolve financial complaints that are lodged with us.
This summary sets out key points of our privacy policy. You should refer to the privacy policy if you would like more information than what is provided in this summary.
This current policy came into effect in August 2024 and may change over time.
Scope
We provide consumers and small businesses with fair, free and independent dispute resolution for complaints about financial firms.
We collect, hold, use and disclose your personal information to carry out our functions and activities as an external dispute resolution scheme. Our Rules and Operational Guidelines set out how we deal with complaints and confidentiality requirements.
Collection of your personal information
There are three ways that we collect information.
- You give it to us. Most of your personal information (including sensitive information[1]) is provided by you directly or by your authorised representative when you lodge a complaint with us. This can include your name, email, address, date of birth and/or phone number. You may also provide personal information when you use our web chat or our portal services. We will also usually collect personal information if you apply for a job at AFCA or if you subscribe to our mailing lists.
- Your financial firm gives it to us. To resolve your complaint, your financial firm may provide us with information on your behalf.
- We get it from other sources. Sometimes we may need to collect personal information from other people and organisations when we are dealing with a complaint, assisting regulators or seeking to improve our services.
- For example, we may collect personal information from:
- other parties to a complaint
- publicly available sources, if the information relates to our investigation of a complaint
- regulators or government agencies, including ASIC and the ATO
- other third parties, such as employers and reference checking agencies, during our recruitment process, and
- third party suppliers to enable us to operate our service.
- We may also collect information through our website, surveys and social networking services such as publicly available pages on Facebook, LinkedIn, Twitter and YouTube. For example, we may use this information to improve our website and receive feedback from the community.
- We use Campaign Monitor, Eventbrite and Vimeo to manage our mailing lists, event registrations and livestreams of events.
- For example, we may collect personal information from:
Use or disclosure of your personal information
We will use or disclose your personal information to primarily resolve financial complaints that are lodged with us and, in the case of members, provide our membership services. We may also use or disclose your personal information for our other functions and activities such as:
- our investigative obligations in relation to systemic issues and serious contraventions
- monitoring compliance with industry codes of practice
- meeting our reporting obligations to regulators and other government agencies.
- complying with all applicable laws
- improving our services
- managing any employment application you make to us, and
- general business, procurement and administration.
Managing your personal information
We may store your information in hard copy or electronic format. We keep information in secure systems that we own and operate ourselves, or that are owned and operated by our contracted service providers.
We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold and we require our contracted service providers to do the same.
We endeavour to ensure that personal information is kept as current as possible and some data is deleted or made anonymous when appropriate. Some personal information may be retained for varying time periods in order to comply with legal and regulatory obligations and for other legitimate business reasons.
Disclosure
We only share personal information for the agreed purpose that we collected the information.
To ensure we can resolve complaints fairly and effectively, we disclose information to the financial firm about your complaint and, where relevant, affected third parties for certain superannuation complaints. We may disclose your information to your authorised representative and other parties when you ask us to do so.
We may also share personal information with other parties if permitted or required by law (such as sharing information with regulators).
We use contracted service providers, Campaign Monitor, Eventbrite and Vimeo, to manage our mailing lists and events, which can involve disclosure of personal information for this purpose.
We may share personal information with contracted service providers (including cloud storage providers with servers located in Australia) for the purposes of running our operations and providing our services. Some contracted service providers may process or store data overseas.
Accessing your personal information
We are not a government department or agency. This means we are not subject to the Freedom of Information (FOI) Act.
You do have the right, however, to request access to your personal information under the Privacy Act. We will give you access to your personal information that we hold unless there are legal reasons why we can’t.
What information can you obtain?
Any privacy access request that you make is limited to only personal information about you. Full copies of complaint files or information about others will not be provided in response to your request.
If we can’t give you access, we will tell you why in writing or we will redact the information we cannot give you. If you have concerns, you can make a complaint.
To make a privacy access request, email us at privacy@afca.org.au. We will need to verify your identity before giving you access. There is no fee to ask for your information, but sometimes we may charge you an administrative fee to recover our costs for providing access to your personal information.
Correcting your personal information
Contact us if you think there is something wrong with the personal information we hold about you. As an alternative to your AFCA contact, you can email your correction request at privacy@afca.org.au. We will need to verify your identity before making any changes to the personal information we hold.
If you are worried that we have given incorrect information to others, you can ask us to tell them about the correction.
How to make a complaint
You can complain to us here if you have a concern about how we have handled your personal information or your personal information access request. If you submit a complaint about our service, your concerns will be handled in accordance with our Service Complaints & Feedback Policy.
If your complaint isn’t satisfactorily resolved, you may complain to the Office of the Australian Information Commissioner (OAIC). We will explain this all clearly to you in writing, if applicable.
How to contact us
You can:
- Email privacy@afca.org.au
- Call 1800 931 678, or
- Post: AFCA Privacy
Australian Financial Complaints Authority
GPO Box 3
Melbourne VIC 3001
Other assisted contact options are also available.
- Interpreter Service 131 450
- National Relay Service
- Voice Relay 1300 555 727
- TTY 133 677
- SMS Relay 0423 677 767
[1] Sensitive information is information or an opinion about a person’s racial or ethnic origin, political opinions, membership of political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record, health information, genetic or certain biometric information.