Skip to Content
BSB 704-191
female-glasses-professional-classroom-hero

Privacy Policy

  • Bank First Privacy Policy

    1. About this Privacy Policy

    1.1 Victoria Teachers Limited trading as Bank First (ACN 087 651 769) (Bank First, we, us or our) has implemented this Privacy Policy to provide information about what kinds of Personal Information we may collect or hold, how we collect, hold, use and disclose that Personal Information, choices you have regarding our use of that Personal Information, and your ability to access or correct that Personal Information. If you wish to make any inquiries regarding this Privacy Policy, you should contact our Privacy Officer in any of the ways specified in section 16 of this Privacy Policy.

    1.2 From time to time, Bank First may be related to other companies and entities (related entities). This Privacy Policy applies to the use of your Personal Information by us and by those related entities. Those related entities may also have their own privacy policies which set out additional detail or differences in their privacy practices. To the extent that those privacy policies are inconsistent with this Privacy Policy, those privacy policies will prevail over this Privacy Policy in relation to the actions of those related entities. A reference in this Privacy Policy to Bank First, we, us or our is also a reference to those related entities.

    1.3 This Privacy Policy also includes our Credit Reporting Policy which explains how we collect, use, disclose and hold credit-related information about you. Our handling of such information is regulated by the Privacy Act and the Privacy (Credit Reporting) Code.

    1.4 Depending on the circumstances in which you engage with us, including the product or service you apply for, or obtain, from us, and whether directly with us or with the support of a third party, some or all of this Privacy Policy may be relevant to you in addition to any privacy notice of that third party.

    1.5 On occasion, we will need to provide you with additional information specific to collection of personal information, in which case we may provide you with a supplementary privacy notice. Please read this Privacy Policy, and any supplementary privacy notice provided to you, and contact us if you have any questions.

    2. Key types of information we collect

    2.1 Certain words have special meanings when used in this Privacy Policy. These are shown below.

    (a) Personal Information means information or an opinion about an identified individual or an individual who is reasonably identifiable.

    (b) CP derived information means information that is derived from credit reporting information that has been obtained from a credit reporting body, that has any bearing on the individual's credit worthiness and that is used, has been used or could be used in establishing the individual's eligibility for consumer credit, and includes information created through our internal processes, like credit eligibility scoring information.

    (c) Credit eligibility information means information that has been obtained from a credit reporting body, or that has been derived from that information, that is about an individual's credit worthiness, and includes the following:

    • (i) Credit Score Assessment – An internal credit score based on bureau data, incorporating repayment history, credit inquiries, and adverse events such as defaults or bankruptcies;

    • (ii) Risk Tiering & Segmentation – Classification of applicants into different risk categories based on their credit profile, which informs lending decisions and pricing strategies;

    • (iii) Serviceability Assessment – Verification of an applicant’s ability to meet repayment obligations, incorporating external credit data alongside income and expense assessments;

    • (iv) Credit Limit & Product Eligibility – Determination of suitable credit limits and products based on the individual's credit history, debt exposure, and risk profile;

    • (v) Fraud & Identity Verification Checks – Use of credit bureau data to flag potential identity fraud risks, inconsistencies, or suspicious credit behaviours; and

    • (vi) Hardship & Collections Risk Assessment – Monitoring existing customers' credit bureau data for early indicators of financial distress, which informs proactive engagement strategies.

    (d) Credit information means personal information that includes the following:

    • (i) information about an individual, like their name, age, address and employment details, that we may use to identify that individual;

    • (ii) information about an individual's current or terminated consumer credit accounts and their repayment history;

    • (iii) financial hardship information;

    • (iv) the type and amount of credit applied for in any previous consumer or commercial credit applications to any credit provider, where that credit provider has requested information;

    • (v) information about an individual from a credit reporting body;

    • (vi) information about consumer credit payments overdue for at least 60 days and for which collection action has started;

    • (vii) advice that payments that were previously notified to a credit reporting body as overdue are no longer overdue;

    • (viii) information about new credit arrangements an individual may have made with a credit provider, in relation to consumer credit currently or previously held, to deal with any defaults or serious credit infringements by that individual;

    • (ix) information about court judgments which relate to credit that an individual has obtained or applied for;

    • (x) information about an individual on the National Personal Insolvency Index;

    • (xi) publicly available information about an individual's credit worthiness; and

    • (xii) an opinion of a credit provider that an individual has committed a serious credit infringement of credit provided by that credit provider.

    (e) Credit-related information means credit information, credit eligibility information, CP derived information and related information.

    We may not hold all of these kinds of credit-related information about a particular individual. However, if we hold any of these kinds of information, it is protected as "credit-related information" under this Privacy Policy.

    3. What Personal Information (and credit-related information) do we collect and hold?

    3.1 The types of Personal Information we may collect from you will depend upon the nature of our interaction with you. Personal Information that we collect may include (but is not limited to) the following:

    Types of personal information

    This includes:

    Identity information

    Full name, preferred name, age or date of birth, document identification numbers (such as passports, driver's licence, Medicare numbers, or other national cards); other identity verification information including from third parties, the Australian Government's Document Verification Service (DVS), other countries' identity verification sources, identity information from credit files, and other data reference points.

    Contact information

    Email address, contact number and mailing or residential address.

    Financial information

    Bank account or credit card information, and information about your employment, income, financial assets, and liabilities.

    Socio-demographic information

    Your marital status, age, gender, number of dependants, occupation and nationality.

    Employment information

    Occupation and employment details including employment status and any previous work experience and information from or in connection with your resume or job application if you apply for a position with us.

    Interaction information

    Details of when you interact with us, including your interactions with us, telephone, web portal or live chat when you raise an inquiry, complete a form, provide feedback or a complaint; interaction through our websites and digital channels, including social media accounts; photographs and/or images from camera footage such as CCTV cameras in our premises.

    Information about financial hardship

    If you notify us that you’re experiencing financial hardship we may ask you to provide certain information about your personal circumstances, including unexpected changes to your financial situation, such as loss of employment, relationship breakdown, or a death in the family.

    Digital information

    Information you provide to us through our website or use of our website, social media platforms or through other websites or accounts from which you permit us to collect information (including publicly available content).

    Marketing information

    Information provided through surveys or when you enter any of our promotions or competitions.

    Publicly available information

    Information from public registers such as the Australian Securities and Investments Commission register, or the Personal Property Securities Register (PPSR).

    Sensitive information

    Includes information about your racial or ethnic origin, health or genetic information, your biometric information used to verify your identity, political opinions or associations, religious or philosophical beliefs, trade union membership or associations, sexual orientation or practices and criminal record.

    Credit-related information

    The credit-related information specified at section 2.1 of this Privacy Policy.

    Supplier information

    Generally, information to assess your business (such as its key personnel) and business contact information (names, roles, contact details) to communicate with you, arrange and administer your provision of goods and services to us.

    AML/CTF information

    We are also required by various laws to collect certain information including Personal Information. Those laws include the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act), the AML/CTF Rules under the AML/CTF Act, and other regulatory schemes.

    4. How and when do we collect Personal Information?

    4.1 We collect your Personal Information to allow us to conduct our business functions, to provide, market and sell our products and services and for the specified purposes set out in section 6 of this Privacy Policy. In some circumstances the collection of Personal Information may be required by law.

    4.2 We may collect your Personal Information:

    • (a) when you use or buy our products or services;

    • (b) when you provide us, or you offer or apply to supply us, with goods or services;

    • (c) when you provide information to us in any way (including by completing a form, disclosing information over the phone or via email, or providing us a business card);

    • (d) when you request information about us, our products or our services;

    • (e) when you provide feedback to us;

    • (f) when you visit or fill in a form on our website (see section 5 of this Privacy Policy);

    • (g) when you register for or use an account on our website;

    • (h) when you visit premises from which we operate;

    • (i) when you (or your employer) provide that information to us in the course of conducting or administering our relationship with you, or when you are carrying out activities in connection with our business operations;

    • (j) as set out in our Credit Application Form and Credit Reporting Policy, when you apply for a credit account;

    • (k) when you submit a job application to us;

    • (l) when you otherwise contact us by telephone, fax, email, social media, post or in person; or

    • (m) where we are otherwise required or authorised by law to do so.

    4.3 Generally, when providing our products and services, dealing with our personnel, or obtaining goods and services from our service providers, suppliers or contractors, we collect Personal Information directly from the relevant individual where reasonable and practicable.

    4.4 We may also collect Personal Information about you from third parties and other sources such as:

    • (a) identity verification service providers, who in turn may access third party databases, document issuers, official record holders, DVS and other sources in order to perform identity verification services;

    • (b) your nominated representatives (eg spouse, accountant, power of attorney, brokers and other professional advisors);

    • (c) publicly available sources of information;

    • (d) related entities, companies and businesses of Bank First; or

    • (e) credit reporting bodies,

    but we will only collect your Personal Information in this way if it is unreasonable or impracticable to collect this information directly from you or if we are otherwise permitted to do so.

    4.5 If the Personal Information we collect includes sensitive information, including health information, we will ask for your consent to collect sensitive information, unless the law allows us to collect it without your consent.

    4.6 Where we engage with you multiple times over a short period in relation to the same matter, we may not provide you with a separate notice about privacy each time we engage with you.

    4.7 If you choose not to provide your Personal Information to us for the purposes set out in this Privacy Policy, or if we do not or are unable to collect the Personal Information we require, we may not be able to provide you with some requested information, products or services, or to effectively conduct our relationship with you.

    5. Information collected via our website and other technology

    5.1 Personal Information may be collected by us and by our third party service providers who assist us in operating our website at https://www.bankfirst.com.au/, including its/their subdomains and any other website we operate from time to time.

    5.2 We may use various technological methods from time to time to track the visiting patterns of individuals accessing our website or using our technology including but not limited to the methods set out in this section 5 of this Privacy Policy.

    Google Analytics

    5.3 We use Google Analytics to help analyse how you use our website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users' computers. The information generated is used to create reports about the use of our website. Google will store this information.

    5.4 If you do not want your website visit data reported by Google Analytics, you can install the Google Analytics opt-out browser add-on. For more details on installing and uninstalling the add-on, please visit the Google Analytics opt-out page at https://tools.google.com/dlpage/gaoptout.

    Click Stream Data

    5.5 When you read, browse or download information from our website, we or our internet service provider may also collect information such as the date, time and duration of a visit, the pages accessed, the IP address of your computer, and any information downloaded. Generally, this information may be used for purposes including statistical, reporting and website administration, maintenance and improvement purposes.

    Cookies

    5.6 Our website may use 'cookies' from time to time. Cookies are small text files that are transferred to a user's computer hard drive by a website for the purpose of storing information about a user's identity, browser type or website visiting patterns. Cookies may be used on our website to monitor web traffic, for example the time of visit, pages visited and some system information about the type of computer being used. We use this information to enhance the content and services offered on our website.

    5.7 Cookies are sometimes also used to collect information about what pages you visit and the type of software you are using, and other purposes from time to time. If you access our website or click-through to our website from a link in an email we send you, a cookie may be downloaded onto your computer's hard drive.

    5.8 You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences.

    5.9 If you disable the use of cookies on your web browser or remove or reject specific cookies from our website or linked sites then you may not be able to gain access to all of the content and facilities in those websites.

    Web Beacons

    5.10 Web beacons are images that originate from a third party site to track visitor activities. We use web beacons to track the visiting patterns of individuals accessing our website.

    Interaction data

    5.11 We collect and use all data and metadata produced by collected data or interactions with Bank First, our devices, our website, or our technology for purposes such as data analysis, improving service quality and improving product features. We may use this information generally for our business functions and activities, including providing support to our merchants, improving service quality, improving product features, and for use in connection with potential future products.

    Third party content (eg social media links)

    5.12 Some of the content on our website may include applications made available by third parties, such as social media buttons or links that allow you to share content or links to our website through the relevant third party platforms. These third party applications themselves may facilitate collection of information by those third parties, through your interaction with the applications and sometimes even if you do not interact directly with them. We are not responsible for the technical operation of these applications or the collection and use practices of the relevant third parties. Please visit the relevant third party websites to understand their privacy practices and options they may make available to you in relation to their collection of your Personal Information.

    6. How do we use your Personal Information?

    6.1 We use the Personal Information we collect about you for our business functions and activities, in order to operate our business efficiently, and to market our products and services for the benefit of our customers.

    6.2 We may collect, hold and use your Personal Information for the purposes set out below.

    Purpose

    Examples of why we collect and hold your Personal Information

    Provide our products and services

    provide you with and manage the products and services you have with us directly or with the support of third parties;

    provide and manage products and services to our business and corporate customers and the use of the products and services by their customers;

    answer your questions and resolve your complaints;

    assist you when an online application is not completed;

    assess your application (including eligibility) for a product or service;

    information regarding your interactions with us, including but not limited to when you visit our website (see section 5 of this Privacy Policy); and/or

    where you agree or we are permitted by law, we may collect sensitive information about you to provide extra care if you are a vulnerable customer.

    Administering our products and services

    maintaining the products and services you have with us;

    support vulnerable customers in the management of their product or service;

    making and managing payments and transactions, fees, charges and interest connected to your products and services;

    to enforce our rights under the contracts we have with you

    to assess your financial hardship application and maintain any hardship arrangement we agree with you;

    managing complaints or feedback you may raise with us;

    as part of a sale or transfer of assets or other corporate transaction;

    to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you; and/or

    for business support services including maintenance, backup and audit.

    Security, fraud prevention, verification etc.

    verify your identity;

    verify aspects of your financial situation in connection with assessing your application or an application of a business or corporate customer;

    undertaking fraud monitoring and identification, and fraud analysis, risk assessment and fraud risk management;

    investigating, reviewing, responding to and informing affected individuals of data breaches involving their personal information; and/or

    identify, detect and respond to scams.

    Legal and regulatory compliance

    comply with our legislative and regulatory requirements (both in Australia and overseas); and/or

    share information with law enforcement, regulators and government agencies, including foreign government agencies as permitted by law.

    Promote and market our products and services

    direct marketing; and/or

    providing you information we believe you may be interested in receiving regarding Bank First, our clients, and our business partners.

    Improve our services and for new product development

    enhance our products or services;

    enhance goods and services from our suppliers and subcontractors;

    conduct research (for example to understand your needs and the needs of our customers generally);

    to create new products or services; and/or

    maintaining and developing our business systems and infrastructure.

    Other business activities such as research, recruitment and other investigations

    providing for safety and security of workers and onsite visitors;

    personalising your experiences on our website;

    for data analytics which we may use generally for our business functions and activities, including improving service quality, improving product features, and for use in connection with potential future products;

    managing our business operations (including business support such as maintenance, backup and audit);

    assessing and processing job applications; and/or

    for shareholder/investor management and administration, and to submit applications to, or respond to enquiries from, corporate regulators.

    6.3 The below sets out the additional purposes for credit products.

    Purpose

    Examples of why we collect and hold your Personal Information

    To help you obtain credit

    assess your application and establish your eligibility for credit;

    enable a proposed guarantor to assess whether they wish to act as your guarantor;

    obtain credit eligibility information about you from a credit reporting body to enable us to assess your creditworthiness (please see section 12 of this Privacy Policy);

    if you are a proposed guarantor, to determine whether the borrower will be eligible for a loan if you act as a guarantor, take the guarantee, and administer that guarantee; and/or

    where you agree or where we are permitted by law, we may collect sensitive information about you to meet our responsible lending obligations.

    To manage your credit product

    enable you to give a guarantee;

    assist you in avoiding default;

    manage and maintain credit accounts for the provision of goods or services on credit;

    carry out credit checks and credit reporting;

    carry out checks on the PPSR (which may involve a disclosure to the PPSR operator) to confirm your business' details including ACN or ABN where you have applied for credit;

    where you agree or where we are permitted by law, we may collect sensitive information about you to meet our responsible lending obligations;

    seek updates on whether payments are made on time or overdue;

    reporting of missed payments exceeding the applicable threshold where the account is in arrears.

    seek information about new credit accounts and closures of existing facilities; and/or

    for financial hardship arrangements;

    Other

    enable us to obtain lenders mortgage insurance which protects the lender if a borrower is unable to meet their mortgage repayments; and/or

    assess your application to act as guarantor in connection with another person’s application for credit.

    6.4 We may aggregate information including Personal Information for reporting, statistical and analysis purposes, and for business, product and service improvement purposes. This allows us to better inform ourselves and anticipate our customers' preferences and requirements, and to monitor and improve the effectiveness of our business, products and services. We may also de-identify information for inclusion in such aggregated databases or reports.

    6.5 We reserve the right at all times to monitor, review, retain, and/or disclose any information as necessary to satisfy any applicable law. However this will be at our discretion, and nothing in this Privacy Policy requires us to monitor the use of the website or to retain the content of any specific user session.

    6.6 You consent to us using your Personal Information in the above ways and as set out in this Privacy Policy.

    6.7 We may otherwise collect, use or disclose your Personal Information where the collection, use or disclosure is:

    • (a) in accordance with this Privacy Policy or any agreement you enter into with us; or

    • (b) required or authorised by law, including without limitation the Australian Privacy Principles under the Privacy Act 1988 (Cth).

    7. When do we disclose your Personal Information and to who?

    7.1 Bank First may disclose, or provide access to, your Personal Information to third parties in connection with the purposes described in section 6 of this Privacy Policy. Depending on the circumstances and the nature of your engagement with us, we may disclose your Personal Information to our related entities, to third parties that provide products and services to us or through us, or to other third parties (such as your referee(s) in connection with a job application you have submitted).

    7.2 We may also disclose your Personal Information to:

    Entity

    When we disclose Personal Information

    Other parts of our organisation

    for business needs to our internal teams and business units, and our related companies.

    Other financial institutions

    other banks, superannuation funds (such as when you request rollover to another fund), stockbrokers, custodians, fund and investment managers, and service providers who process your transactions, arrange refunds and provide other payments services;

    payer's financial institutions (and their customers who seek to make payments to you) for the purpose of providing the Confirmation of Payee service to their customers, and prior to making payments to you, to prevent scams and mistaken payments. See our Internet Banking terms and conditions and Terms and Conditions Part A – Product Information for more details including opt-out availability;

    payment systems operators for the purpose of managing transactions through those payment systems (for example, operators of payment networks for managing credit or debit card payments, the BPAY scheme entity and any agent appointed to provide the electronic systems of the BPAY scheme);

    Superannuation Transaction Network gateway operators

    market operators and providers of clearing and settlement platforms (e.g. ASX in the context of CHESS holding statements and notifications); and/or

    participants in payment systems and other parties who are involved with the processing of transactions (such as credit or debit card issuers, merchant terminal providers (for example, the providers of debit or credit card terminals in retail shops), digital wallet providers or mobile payment applications and banking or payment service providers).

    Our other supply chain partners and vendors

    third parties who supply us goods and services or assist us in providing products and services to you;

    document issuers or official record holders;

    insurers and re-insurers, where insurance is provided in connection with our services to you;

    debt collecting agencies;

    state or territory authorities that give assistance to facilitate the provision of home loans to individuals;

    third parties that require access to Personal Information, merchant and transactional data to carry out audits of Bank First in connection with our provision of products and services;

    third parties who help us administer our business (such as data storage or processing (including in cloud based data storage facilities or through cloud computing service providers), printing, mailing, marketing, planning and product or service development);

    banks, lenders, valuers, insurers, brokers and other IT service providers;

    medical providers including medical and rehabilitation practitioners for assessing and managing workplace insurance claims; (in respect of our employees);

    employment agencies (in respect of candidates or employees they have supplied or may supply to us); and/or

    purchasers of bad debt owed to Bank First, to allow those purchasers to recover those debts.

    Our professional advisors

    who provide advice or perform functions on our behalf, such as lawyers, auditors and business consultants.

    Your nominated representatives

    for example, lawyer, mortgage broker, financial advisor or attorney, as authorised by you.

    law enforcement, regulatory and government bodies

    such as regulatory authorities, law enforcement agencies, and other authorities or organisations as required or authorised by law (such as AUSTRAC, the ATO, ASIC, DHHS and the Police).

    Registry of security interests

    Commonwealth, State or Territory registers of security interests, such as the Personal Property Securities Register.

    Divestment

    as we continue to develop our business, we may buy, invest in, merge or partner with other companies or organisations, and in so doing, acquire customer Personal Information. In such transactions, Personal Information may be among the transferred assets. Similarly, in the event that a portion or substantially all of our business or assets are sold or transferred to a third party, or new investments are made in Bank First, we may also disclose certain information including your Personal Information to a purchaser, potential purchaser, or potential investor in connection with the sale, potential sale, or investment, of us, our business or any of our assets, including in insolvency.

    7.3 The below sets out the additional reasons we disclose information to third parties for our credit products.

    Entity

    When do we disclose information

    Credit reporting bodies

    for the assessment of your financial position in relation to your application for credit and the ongoing management of a credit product or guarantee;

    notification when an individual applies for credit with us;

    updates on whether payments are made on time or overdue;

    reporting of missed payments exceeding the applicable threshold where the account is in arrears;

    information about new credit accounts and closures of existing facilities; and/or

    where required, financial hardship arrangements under the relevant credit reporting framework.

    Other loan parties

    other borrowers as part of the application process and to administer the product.

    Your nominated representatives

    your representatives (including your legal adviser, accountant, mortgage or finance broker, and financial adviser) where you have agreed to this sharing;

    those involved in the administration of your account including services licence holders, executors, administrators, guardians, trustees, nominated beneficiaries or attorneys; and/or

    your proposed guarantor(s) for them to assess if they wish to act as your guarantor(s).

    Your employer

    to verify your employment and income, for example, in connection with a loan application.

    Debt collectors, purchasers and other lenders

    where permitted by law, to debt collectors to collect any outstanding amounts you owe to us or other lenders, such as where you have given mortgage security over the same property to us and another lender; and/or

    debt purchasers who purchase or may purchase your debt from us to facilitate the negotiation and pricing of the investment in and/or sale of your debts/loan.

    Other

    lenders mortgage insurers to enable them to assess the risk of providing insurance to us in respect of your credit product and to administer any claims;

    State or Territory Land Registry Services or real property registers;

    conveyancing services; and/or

    Government entities, including Housing Australia, for the purpose of meeting reporting requirements, overseeing, managing and conducting any investigations in relation to the Australian Government’s Home Guarantee Scheme.

    8. Interstate and Overseas disclosures

    8.1 We are a national organisation and may collect, use and disclose Personal Information generally within Australia (including between states and territories).

    8.2 Some of your Personal Information may also be disclosed, transferred, stored, processed or used overseas by us, or by third party service providers. This may happen if:

    • (a) our related entities are overseas;

    • (b) we outsource certain activities overseas;

    • (c) transactions, information, services or products have an overseas connection; or

    • (d) our computer systems (including third party IT service providers we may use from time to time) including IT servers are located overseas.

    8.3 You consent to the collection, use, storage, and processing of your Personal Information outside of Australia as set out in this Privacy Policy.

    8.4 In particular, your Personal Information may be disclosed to third parties in United States of America, the United Kingdom, countries within Europe, and such other countries or regions, in which those parties or their, or our, computer systems may be located from time to time, where it may be used for the purposes described in this Privacy Policy.

    9. Other uses and disclosures

    9.1 We may collect, use and disclose your Personal Information for other purposes not listed in this Privacy Policy. If we do so, we will take reasonable steps to make it known to you at the time we collect or use your Personal Information.

    10. Marketing

    10.1 You consent to us using your Personal Information for sending you information, including promotional material, about us or our products and services, as well as the products and services of our related entities and third parties, now and in the future. You also consent to us sending you such information by means of direct mail, email, SMS and MMS messages.

    10.2 If you do not want to receive marketing information from us, you can unsubscribe in any of the following ways:

    • (a) clicking on the 'Unsubscribe' or subscription preferences link in a direct marketing email that you have received from us; or

    • (b) contacting us using the contact details specified in section 16 of this Privacy Policy.

    11. Storage and security of Personal Information held by us

    11.1 We take reasonable steps to ensure that your Personal Information (including credit-related information), held on our website or otherwise, is protected from:

    • (a) misuse, interference and loss; and

    • (b) unauthorised access, disclosure or modification.

    11.2 Your Personal Information may be held by us in paper or electronic form. All Personal Information is stored within secure systems which are in controlled facilities. There are restrictions on who may access Personal Information and for what purposes. Our employees, contractors, service providers and authorised agents are obliged to respect the confidentiality of Personal Information held by us.

    11.3 If we suspect or believe that there has been any unauthorised access to, disclosure of, or loss of, Personal Information held by us, we will promptly investigate the matter and take appropriate action. This may include actions in relation to notifiable data breach obligations that are in force under the Privacy Act.

    11.4 We ask you to keep your passwords, Personal Information numbers, and tokens and other devices safe, in accordance with our suggestions.

    11.5 You can also help to keep the Personal Information that we hold about you secure by taking care before you authorise or otherwise assist any third party to obtain or gain access to that information (see ‘Disclosure’ above). You should never provide or disclose any of your passwords or personal identification numbers to any third party to enable the third party to obtain or access to your Personal Information. If you do, you may breach the ePayments Code and the terms and conditions applying to the products and services we provide to you, and you may be liable for any unauthorised transactions that subsequently occur.

    11.6 When we no longer require your Personal Information (including when we are no longer required by law to keep records relating to you), we may de-identify it or remove it from our systems and destroy all record of it.

    12. Credit Reporting Policy

    12.1 How this section applies to you

    • (a) This part of the Privacy Policy explains how we collect, use disclose and hold credit-related information about you.

    • (b) All sections of this Privacy Policy apply to the credit-related information we collect and hold about you. However, this section 12 of this Privacy Policy provides additional details specifically regarding credit-related information. This section will only apply if you are engaged with us in relation to credit products, such as credit cards, personal loans, or home loans. It does not apply to you if you are not involved with us in relation to these credit products.

    12.2 Credit-related information we collect, hold and use

    • (a) Credit-related information includes both credit and credit-eligibility information (as defined in section 2.1 of this Privacy Policy).

    • (b) The types of credit-related information that we collect (including credit information, CP derived information, and credit eligibility information) are specified in section 2.1 (see CP derived information, Credit eligibility information and Credit information) of this Privacy Policy.

    • (c) Generally, we collect credit-related information from you directly but we also collect it from third parties who provide credit reports. The information specified at section 2.1 of this Privacy Policy sets out the kinds of credit-related information we collect from credit reporting bodies.

    12.3 How and why we use and disclose your credit-related information

    (a) We collect, use, disclose and store credit-related information about you to allow us to sell our products and services and to conduct our business.

    (b) We use this information in the same way as we use your Personal Information and credit-related information as set out at section 6.3 of this Privacy Policy and further below in this section 12.3.

    (c) Bank Firstmay disclose, or provide access to, your Personal Information and credit-related information to third parties in connection with the purposes described in section 6.3 of this Privacy Policy.

    (d) Section 7.3 of this Privacy Policy specifies additional detail of why we disclose your credit-related information to and to who.

    (e) Additionally, we may also disclose your personal information (including credit-related information) to an individual or an organisation (a ‘third party’) if:

    • (i) you direct us to do so;

    • (ii) you consent to the third party obtaining the information from us; or

    • (iii) you consent to the third party accessing the information on our systems, and/or do anything which enables the third party to obtain access.

    (f) If you apply for any kind of credit with us or offer to act as guarantor for any of our customers (Information Request), we will share your Personal Information and your credit-related information with credit reporting bodies, and/or we will collect your credit-related information from credit reporting bodies. This is done for the purpose of determining your eligibility for credit (or your suitability to act as guarantor), and we may assess or rate your suitability for credit (or to act as a guarantor).

    (g) Please note that:

    • (i) your consent is not required for an Information Request;

    • (ii) a record of Information Requests may be used by, and as relevant, disclosed to credit reporting bodies or credit providers for the purpose of assessing your creditworthiness. This may include the calculation of a credit score or credit rating, subject to any limitations on use or disclosure under applicable laws, regulations, or the Privacy (Credit Reporting) Code; and

    • (iii) generally, when a credit reporting body records an Information Request related to your application for credit, this may impact your credit score or rating. For instance, the presence of multiple recent credit applications could have a short-term negative impact on your credit score, as it may be viewed as an indicator of increased credit risk.

    (h) The information we access includes your repayment history information, which shows whether you have a history of making required payments on time (and whether any have been made after they are due), and financial hardship information.

    (i) Credit reporting bodies may include your Personal Information and credit-related information, including information we provide them in relation to the credit products you have with us, in reports that they provide to other credit providers to assist those providers in assessing your creditworthiness (such as when you have applied for a loan from the provider).

    (j) If you fail to meet your payment obligations in relation to consumer credit, or enter a financial hardship arrangement in relation to credit to which the National Consumer Credit Protection Act 2009 (Cth) applies, we are required to disclose this to credit reporting bodies. If you commit a serious credit infringement, such as obtaining credit by fraud, we may also disclose this to a credit reporting body.

    (k) We may also use your credit-related information to assist you during hardship, or to assess whether to securitise your loans, or for mortgage products to enable a provider of lenders mortgage insurance to assess the risk of providing insurance. To facilitate these uses, we may share your credit-related information with potential securitisation and funding partners and providers of lenders mortgage insurance, including to assist them with administering those arrangements.

    12.4 Refusal of credit application

    We may refuse an application for consumer credit made by you individually or with other applicants. Our refusal may be based on credit eligibility information obtained from a credit reporting body about either you, another applicant or another person proposed as guarantor. In that case, we will give you written notice that the application has been refused on the basis of that information. We will tell you the name and contact details of the relevant credit reporting body and other relevant information.

    12.5 Credit reporting bodies we use

    The credit reporting bodies we use, and their contact details are as per the below. For information on how those bodies manage credit-related information, please see the privacy policies available on their website.

    Credit reporting body

    Phone

    Website

    Equifax Australia Information Services and Solutions Pty Limited

    13 83 32

    www.equifax.com.au

    13. You can access and update your Personal Information

    13.1 You are generally entitled to access Personal Information that we hold about you. If you request access to your Personal Information, in ordinary circumstances we will give you full access to your Personal Information. Depending on the nature of the request, Bank First may charge for providing access to this information, however such charge will not be excessive. However, there may be some legal or administrative reasons to deny access. If we refuse your request to access your Personal Information, we will provide you with reasons for the refusal where we are required by law to give those reasons.

    13.2 You can access and correct some of your Personal Information by loging into your account and updating or editing that information at any time. Alternatively, a request for access or correction can be made by contacting our customer support team by telephone or our Privacy Officer by email as specified in section 16 of this Privacy Policy.

    13.3 We take all reasonable steps to ensure that any Personal Information we collect and use is accurate, complete and up-to-date. To assist us in this, you need to provide true, accurate, current and complete information about yourself as requested, and properly update the information provided to us to keep it true, accurate, current and complete.

    13.4 Please contact us in any of the ways specified in section 16 of this Privacy Policy if you believe that the Personal Information is inaccurate, incomplete or out of date, and we will use all reasonable efforts to correct the information.

    13.5 It would assist us to ensure we properly understand your request, and allow us to respond more promptly, if requests are made in writing and include as much detail as possible.

    14. How do we deal with complaints about privacy?

    14.1 If you have any questions, concerns or complaints about this Privacy Policy, or our handling of your personal information (including credit-related information), please contact our Privacy Officer whose details are in section 16 of this Privacy Policy. You can also contact the Privacy Officer if you believe that the privacy of your personal information has been compromised or is not adequately protected.

    14.2 Bank First welcomes and values feedback and complaints, and is committed to managing and resolving complaints and disputes through action. You can lodge a complaint online, email, phone, social media, letter, or in person. Further information about our Complaint and Dispute Resolution process can be found on our website, bankfirst.com.au, by contacting us on 1300 654 822 or +61 3 4053 5555, or when you next visit our branches.

    14.3 We will manage your complaint with objectivity and fairness, and aim to resolve it as quickly as possible. We will keep you informed of our progress and advise you if we cannot resolve your complaint within 21 days.

    14.4 If you are still not satisfied, you can contact external bodies that deal with privacy complaints. These are the Australian Financial Complaints Authority, which is our external dispute resolution scheme, and the Office of the Australian Information Commissioner, both are free for customers to access. Either of these bodies may forward your complaint to another external dispute resolution body if it considers the complaint would be better handled by that other body.

    15. Updates to this Privacy Policy

    15.1 We may, from time to time, review and update this Privacy Policy, including to take into account new laws, regulations, practices and technology. All Personal Information held by us will be governed by our most recent Privacy Policy, posted on our website at: https://www.bankfirst.com.au/privacy-policy. Any changes to this Privacy Policy may be advised to you by updating this page on our website. We will aim to provide reasonable advance notice of such changes though this may not always be possible depending on the circumstances. We encourage you to check this page from time to time for any changes.

    16. What to do if you have a question, problem or complaint, or want to contact us about our use of your Personal Information or this Privacy Policy

    16.1 If you:

    • (a) have a query or concern about this Privacy Policy or our Personal Information handling processes

    • (b) wish to make a complaint in relation to a breach of your privacy

    • (c) would like to access your Personal Information held by us

    • (d) would like to update or correct your Personal Information held by us, or

    • (e) would like to opt out of direct marketing,

    please contact us in any of the following ways:

    Address: PO Box 338, Camberwell VIC 3124
    Feedback email: feedback@bankfirst.com.au
    Information email:
    info@bankfirst.com.au

    17. Important Information

    Privacy Policy last updated: 2 June 2025

    © Copyright exists in this document

Victoria Teachers Limited trading as Bank First (ACN 087 651 769) ('we', 'us', 'our') is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) (Privacy Act).  We are also bound by Division 3 of Part IIIA of the Privacy Act, which regulates the handling of credit information, credit eligibility information and related information by credit providers, and by the Privacy (Credit Reporting) Code 2014. 

This Privacy Policy outlines how we deal with your personal information (including credit-related information), as well as our legal obligations and rights as to that information.  If we agree with you to use or disclose any of your personal information in ways which differ to those stated in this Privacy Policy, the provisions of that agreement will prevail to the extent of any inconsistency.

 

1. Key types of information

Certain words have special meanings when used in this Privacy Policy. These are shown below.

"Personal information" means information or an opinion about an identified individual or an individual who is reasonably identifiable. Although we try to make sure that all information we hold is accurate, "personal information" also includes any inaccurate information about an individual.

"Credit eligibility information" means information that has been obtained from a credit reporting body, or that has been derived from that information, that is about an individual's credit worthiness.

"Credit information" means personal information that includes the following:

  • information about an individual, like their name, age, address and employment details, that we may use to identify that individual

  • information about an individual's current or terminated consumer credit accounts and their repayment history

  • financial hardship information

  • the type and amount of credit applied for in any previous consumer or commercial credit applications to any credit provider, where that credit provider has requested information 

  • information about an individual from a credit reporting body 

  • information about consumer credit payments overdue for at least 60 days and for which collection action has started

  • advice that payments that were previously notified to a credit reporting body as overdue are no longer overdue

  • information about new credit arrangements an individual may have made with a credit provider, in relation to consumer credit currently or previously held, to deal with any defaults or serious credit infringements by that individual

  • information about court judgments which relate to credit that an individual has obtained or applied for

  • information about an individual on the National Personal Insolvency Index

  • publicly available information about an individual's credit worthiness, and 

  • an opinion of a credit provider that an individual has committed a serious credit infringement of credit provided by that credit provider.

We may not hold all of these kinds of information about a particular individual. However, if we hold any of these kinds of information, it is protected as "credit information" under this Privacy Policy. 

"Credit-related information" means credit information, credit eligibility information and related information.

 

2. Collection

We may collect personal information from you by various means including in-person, by telephone, using video conferencing, by email, by letter, and through our website, social media channels, and mobile apps.    

Wherever possible, we will collect personal information (including credit-related information) directly from you.  This information will generally come from what you provide in or with your applications for membership and/or for our products or services. 
 
We only ask for personal information relevant to our business relationship with you. When you apply for one of our products or services, we may request:

  • identifying information, like your name, address and other contact details and your date of birth

  • information about your financial position, like your income, expenses, savings and assets and any (other) credit arrangements

  • your employment details

  • your tax residency details and taxpayer identification number (including tax file number), and

  • your reasons for applying for a product or service.

We may also collect personal information (including credit-related information) about you from third parties, such as any referees that you provide, your employer, other credit providers and third party service providers including credit reporting bodies.  Credit reporting bodies collect credit information about individuals which they provide as credit reports to credit providers and others in the credit industry to assist them in managing credit risk, collecting debts and other activities. You can also ask a credit reporting body, through contact details on their website, not to use or disclose your personal information if you believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud.

Some information is created through our internal processes, like credit eligibility scoring information.

 

3. Use

We may use your personal information (including credit-related information) for the purpose of providing products and services to you and managing our business.  This may include:

  • assessing and processing your application for the products and services we offer

  • establishing and providing our systems and processes to provide our products and services to you 

  • executing your instructions

  • charging and billing

  • uses required or authorised by law

  • maintaining and developing our business systems and infrastructure

  • research and development

  • collecting overdue payments due under our credit products

  • managing our rights and obligations regarding external payment systems, and

  • marketing, including direct marketing.

We do not use (or disclose) your personal information (including credit-related information) for a purpose other than:

  • a purpose set out in this Privacy Policy

  • a purpose you would reasonably expect

  • a purpose required or permitted by law, or

  • a purpose otherwise disclosed to you to which you have consented. 

 

4. Disclosure

We may disclose your personal information (including credit-related information) to other organisations, for example:

  • our related companies

  • external organisations that are our assignees, agents or contractors

  • external service providers to us, such as organisations which we use to verify your identity, payment systems operators, mailing houses and research consultants

  • insurers and re-insurers, where insurance is provided in connection with our services to you

  • superannuation funds, where superannuation services are provided to you

  • other financial institutions, for example, when you apply for a loan from another credit provider and you agree to us providing information

  • credit reporting bodies, including disclosing that you are in default under a credit agreement or commit a serious credit infringement, if that is the case  

  • lenders' mortgage insurers, where relevant to credit we have provided

  • debt collecting agencies, if you have not repaid a loan as required

  • our professional advisors, such as accountants, lawyers and auditors

  • state or territory authorities that give assistance to facilitate the provision of home loans to individuals

  • certain entities that have bought or otherwise obtained an interest in your credit product, or that are considering doing so, and their professional advisors

  • any organisation with which we are considering merging

  • your representative, for example, lawyer, mortgage broker, financial advisor or attorney, as authorised by you, or

  • if required or authorised by law, to government and regulatory authorities.

We will take reasonable steps to ensure that these organisations are bound by sufficient confidentiality and privacy obligations with respect to the protection of your personal information.

We may disclose your personal information (including credit-related information) overseas. The countries where we are likely to disclose your personal information (including credit-related information) include the United States of America, the United Kingdom and countries within Europe.  However, if we do disclose this information outside Australia, we will do so on the basis that the information will be used only for the purposes set out in this Privacy Policy.

We may also disclose your personal information (including credit-related information) to an individual or an organisation (a ‘third party’) if:

  • you direct us to do so

  • you consent to the third party obtaining the information from us, or

  • you consent to the third party accessing the information on our systems, and/or do anything which enables the third party to obtain access. 

Your consent to a third party obtaining or accessing information may be implied from:

  • your use of any service or application which a third party provides to you, or makes available to you, which involves the third party obtaining or accessing personal information held by us or organisations like us, or

  • you doing anything else which enables the third party to obtain access to the information.

The Consumer Data Right gives you the right to: 

  • access some of the data (including personal information) held about you by us and by other data holders (‘CDR Data’);

  • consent to an accredited third party accessing your CDR Data held by us; and

  • consent to us accessing your CDR Data held by another data holder. 

We have a policy about our management of CDR Data which is available through our website. You can also get an electronic or hard copy from us on request. 

 

5. Sensitive information

Where it is necessary to do so, we may collect personal information about you that is sensitive.  Sensitive information includes information about an individual's health, and membership of a professional or trade association.

Unless we are required or permitted by law to collect that information, we will obtain your consent.  However, if the information relates directly to your ability to meet financial obligations that you owe to us, you are treated as having consented to its collection.

 

6. Refusal of credit applications

We may refuse an application for consumer credit made by you individually or with other applicants. Our refusal may be based on credit eligibility information obtained from a credit reporting body about either you, another applicant or another person proposed as guarantor. In that case, we will give you written notice that the application has been refused on the basis of that information. We will tell you the name and contact details of the relevant credit reporting body and other relevant information.

 

7. Security 

We take all reasonable steps to ensure that your personal information (including credit-related information), held on our website or otherwise, is protected from:

  • misuse, interference and loss, and 

  • unauthorised access, disclosure or modification.  

Your personal information may be held by us in paper or electronic form.  All personal information is stored within secure systems which are in controlled facilities.  There are restrictions on who may access personal information and for what purposes.  Our employees, contractors, service providers and authorised agents are obliged to respect the confidentiality of personal information held by us.

If we suspect or believe that there has been any unauthorised access to, disclosure of, or loss of, personal information held by us, we will promptly investigate the matter and take appropriate action, and we will comply with any obligations in relation to notifiable data breaches that are in force under the Privacy Act.

We ask you to keep your passwords, personal identification numbers, and tokens and other devices safe, in accordance with our suggestions. 

You can also help to keep the personal information that we hold about you secure by taking care before you authorise or otherwise assist any third party to obtain or gain access to that information (see ‘Disclosure’ above). You should never provide or disclose any of your passwords or personal identification numbers to any third party to enable the third party to obtain or access to your personal information.  If you do, you may breach the ePayments Code and the terms and conditions applying to the products and services we provide to you and you may be liable for any unauthorised transactions that subsequently occur. 
  
When we no longer require your personal information (including when we are no longer required by law to keep records relating to you), we take reasonable steps to ensure that it is destroyed or de-identified.

 

8. Website 

This section explains how we handle personal information (including credit-related information) collected from our website. If you have any questions or concerns about transmitting your personal information via the internet, you may contact our Privacy Officer, whose details are in paragraph 14 of this Privacy Policy, as there are other ways for you to provide us with your personal information.



Visiting our website

Anytime you access an unsecured part of our website, that is, a public page that does not require you to log on, we will collect information about your visit, such as:

  • the time and date of the visit

  • any information or documentation that you download

  • your browser type, and

  • internet protocol details of the device used to access the site.

Our website may also include calculators, which may require you to enter your personal details. If you save the data you enter on the calculator, this information will be stored.



Cookies

A "cookie" is a small text file which is placed on your internet browser and which we may access each time you visit our website. When you visit the secured pages of our website (i.e. pages that you have to provide login details to access) we use cookies for security and personalisation purposes. When you visit the unsecured pages of our website (i.e. public pages that you can access without providing login details) we use cookies to obtain information about how our website is being used.

You may change the settings on your browser to reject cookies, but doing so might prevent you from accessing the secured pages of our website.

We have a policy about our use and management of cookies which is available through our website.



Security

We use up-to-date security measures on our website to protect your personal information (including credit-related information). Any data containing personal, credit or related information which we transmit via the internet is encrypted. However, we cannot guarantee that any information transmitted via the internet by us, or yourself, is entirely secure. You use our website at your own risk.



Links on our website

Our website may contain links to third party websites. The terms of this Privacy Policy do not apply to external websites. If you wish to find out how any third parties handle your personal information (including credit-related information), you will need to obtain a copy of their privacy policy.

 

9. Access

You may request access to the personal information (including credit-related information) that we hold about you at any time from our Privacy Officer whose details are in paragraph 14 of this Privacy Policy.  

We will respond to your request for access within a reasonable time.  If we refuse to give you access to any of your personal information, we will provide you with reasons for the refusal and the relevant provisions of the Privacy Act that we rely on to refuse access. You can contact our Privacy Officer if you would like to challenge our decision to refuse access.

We may recover the reasonable costs of our response to a request for access to personal information.

 

10. Accuracy and Correction

We take reasonable steps to make sure that the personal information (including credit-related information) that we collect, hold, use or disclose is accurate, complete and up-to-date.  However, if you believe your information is incorrect, incomplete or not current, you can request that we update the information by contacting our Privacy Officer whose details are in paragraph 14 of this Privacy Policy.

 

11. Marketing

Where we are permitted to do so by law, we may use your personal information, including your contact details, to provide you with information about products and services, including those of other organisations, which we consider may be of interest to you, unless you request not to receive marketing communications. If you are on the Do Not Call Register, while you are our customer we will infer from our relationship with you that you consent to receiving telemarketing calls from us, unless you notify us that you do not wish to receive such calls.

You may request, at any time, not to receive marketing communications or not to receive them through a particular channel, like email.  You can make this request by contacting our Privacy Officer whose details are in paragraph 14 of this Privacy Policy, or by 'unsubscribing' from our email marketing messages, which always include an unsubscribe option.

Unless we have first obtained your consent, we will not provide your personal information to other organisations to use for their marketing purposes.

To help us reach the right people with our credit marketing communications, we may ask a credit reporting body to "pre-screen" a list of potential recipients of our marketing communications against our eligibility criteria to remove recipients who do not meet those criteria. The credit reporting body cannot use information about your existing loans or repayment history in carrying out its pre-screening and it must destroy its pre-screening assessment once it has given us, or a contractor acting on our behalf, the list of eligible recipients. If you do not want your credit information used for pre-screening by a credit reporting body that holds credit information about you, you can opt-out by informing that credit reporting body, whose contact details are on their website. 

 

12. Changes to the Privacy Policy

We may make changes to this Privacy Policy from time to time (without notice to you) that are necessary for our business requirements or the law.  Our current Privacy Policy is available on our website.  

 

13. Questions and complaints

If you have any questions, concerns or complaints about this Privacy Policy, or our handling of your personal information (including credit-related information), please contact our Privacy Officer whose details are in paragraph 14 of this Privacy Policy.  You can also contact the Privacy Officer if you believe that the privacy of your personal information has been compromised or is not adequately protected.
  
Bank First welcomes and values feedback and complaints, and is committed to managing and resolving complaints and disputes through action. You can lodge a complaint online, email, phone, social media, letter, or in person. Further information about our Complaint and Dispute Resolution process can be found on our website, bankfirst.com.au, by contacting us on 1300 654 822 or +61 3 4053 5555, or when you next visit our branches.
 
We will manage your complaint with objectivity and fairness, and aim to resolve it as quickly as possible.  We will keep you informed of our progress and advise you if we cannot resolve your complaint within 21 days.

If you are still not satisfied, you can contact external bodies that deal with privacy complaints. These are the Australian Financial Complaints Authority, which is our external dispute resolution scheme, and the Office of the Australian Information Commissioner, both are free for customers to access. Either of these bodies may forward your complaint to another external dispute resolution body if it considers the complaint would be better handled by that other body.

Australian Financial Complaints Authority
Post: GPO Box 3 Melbourne VIC 3001
Telephone: 1800 931 678
Website: www.afca.org.au

Office of the Australian Information Commissioner
Post: GPO Box 5218 Sydney NSW 2001
Telephone: 1300 363 992
Website: www.oaic.gov.au

 

14. Privacy Officer

Our Privacy Officer's contact details are: 
Address: PO Box 338, Camberwell VIC 3124
Feedback email: feedback@bankfirst.com.au
Information email: info@bankfirst.com.au

Important Information

Privacy Policy last updated : 15 June 2022
© Copyright exists in this document