Deutsche Bank comprises Deutsche Bank AG (ARBN 13 064 164 162) and its Australian subsidiaries, including Deutsche Australia Limited (“Deutsche Bank”, “we” or “us”).
At Deutsche Bank we recognise that one of our fundamental responsibilities is to ensure that we protect the information entrusted to us by our clients, our website visitors, our contractors, staff and all those with whom we communicate or otherwise interact. This is critical not only for the maintenance of Deutsche Bank’s reputation but also to meet the extensive legal and regulatory requirements which are imposed upon us, to safeguard our customers and to maintain orderly markets. It is important that our information handling processes are clear and transparent.
This policy does not apply to certain types of information which are not covered by the Privacy Act, including certain employee records in relation to our current or former employees. However, where you are a current or former employee and the personal information which we have collected about you is within the scope of the Privacy Act, this Policy applies to that personal information.
If you have entered into, or been provided with, a collection statement or if you have submitted personal information to us or agreed other terms and conditions which contain specific provisions relating to how we handle your personal information (“Other Terms”) those Other Terms apply together with this Policy.
We may update this Policy from time to time to reflect Deutsche Bank’s current information handling practices. When we do so, the updated Policy will be available on this Deutsche Bank Australia website (“Site”). We will endeavour to take reasonable steps to bring any material changes to this Policy to your attention (including by updating this Site and, where appropriate, notifying you directly). However, we recommend that you regularly visit our Site and review our Policy to ensure that you understand the terms that apply at the relevant time.
What is personal information?
Personal information is defined in the Privacy Act, and means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
Sensitive information is a subset of personal information which includes (for example) information about an individual’s race or ethnicity, political or religious beliefs, sexual preferences, criminal record or health information.
Why do we collect, store and use your personal information?
We only collect personal information that is reasonably necessary for us to conduct and operate our business and provide our services. We may also collect personal information for other reasons in accordance with applicable law (for example where this is necessary as part of our, or a third party’s, statutory or public functions, or where the law permits or requires us to do so).
The purpose for which we usually collect, store and use personal information will depend on the nature of your interaction with us, and the types of services we offer or provide to you. This may include information we need to:
- deliver products, services, information or advice to you or to an organisation you work for;
- maintain a business relationship with you (for example, if you are a service provider, contractor or supplier);
- enable us to assist you in using our products and services;
- improve our operations, products and services (including to conduct quality control of our products, services and communications with you, and handle and respond to complaints);
- better understand your preferences in respect of our products and services;
- assess your suitability for employment with us or your engagement to provide services to us as an independent contractor;
- manage our relationship with you if you are an employee or contractor or otherwise engaged by us;
- conduct data analytics activities (including to understand consumer trends, improve the products and services we offer and develop new products and services); and
- fulfil our legal and regulatory obligations.
What personal information do we collect and how do we collect this information?
The types of personal information we collect may include:
- contact details;
- personal details (such as your date of birth);
- business details;
- personal preferences;
- employment history;
- information about the products and services we provide to you;
- online and digital services information (including behavioural information), such as your IP address and details about your device;
- audio recordings (such as when we monitor and record our calls with you, when we call you, or you call us); and
- financial information.
We generally do not need to collect sensitive information (such as religious beliefs, sexual preferences, criminal history) in order to provide our products and services to you, however it may be necessary for us to collect sensitive information from time to time.
As long as it is reasonable and practicable for us to do so, we will only collect personal information about you directly from you. Personal information is collected in a number of ways, including:
- when you visit or use our online services, apply for, enquire about or request services or products;
- when you apply for work or to otherwise perform services at or for Deutsche Bank; or
- when you otherwise contact, do business or interact with us.
In limited circumstances it may be necessary for us to collect information about you from a third party, for example where we need to verify information you have provided to us or to comply with our regulatory obligations or collect information about you when conducting reference checks. We only collect sensitive information directly from you with your consent, or where we are required, authorised or otherwise permitted to collect the information by law.
Can you deal with us anonymously?
You may choose not to provide your personal information, including sensitive information, to Deutsche Bank, or you may choose to deal with us on an anonymous basis (including by the use of a pseudonym) if it is practicable for you to do so. However, in most circumstances it will be illegal and/or impracticable for us to do business or otherwise interact with you, unless you provide us with your personal information.
All emails, instant messages and other electronic communications sent to and from Deutsche Bank (including via third-party applications and services) may be automatically captured and retained in secure digital storage facilities. These communications may be monitored, accessed, reviewed, audited and otherwise used for a variety of supervisory and compliance-related purposes, including to ensure compliance with applicable laws and regulations, Deutsche Bank corporate governance and risk management policies, employee codes of conduct, and other business controls. These communications may also be disclosed to third parties (such as enforcement bodies or regulatory authorities) in appropriate circumstances.
Use and disclosure of personal information
The personal information we collect will generally be used or disclosed only for the purposes for which it was collected and for any other purpose which is related to that primary purpose and for which you might reasonably expect us to use it (including as described in this Policy) or as otherwise permitted by law.
For example, we generally use and disclose your personal information for the purpose of:
- assessing an application;
- establishing, administering, operating and maintaining systems and processes in relation to you so that we can provide products and services you have requested from us;
- managing our relationship with you;
- conducting client satisfaction, staff engagement and other surveys, regarding our products, service and performance;
- for direct marketing (as permitted by applicable law), including to provide you with information about Deutsche Bank’s other products and services as well as information about products and services available from Deutsche Bank’s affiliated entities;
- investigating, preventing or taking action regarding any breach or suspected breach by you of this Policy, or otherwise in the conduct of our business operations (in order to protect our legitimate business interests) or in connection with the rights of any other person;
- responding to a regulatory request, regulatory investigation or other inquiry where a local or foreign regulator, administrative agency or other enforcement body (Regulator) requests the emails, records, or other personal information we hold about you in connection with the Regulator’s functions and activities;
- any purpose explained to you at the time of collection (such as in a specific privacy collection statement or notice) or to which you subsequently consent from time to time, or as otherwise set out in this Policy; and
- where we are otherwise required, authorised or permitted to do so by law, or to a person authorised to act on your behalf.
As Deutsche Bank is part of a large global organisation, we may from time to time transfer personal information to a group company, including a subsidiary, which may be located offshore (see below “Disclosure outside Australia”). We will generally only do this where it is necessary or appropriate to achieve the purposes set out in this Policy (for example, because that group company is responsible for providing systems or services to other group companies like Deutsche Bank).
We may also disclose your personal information to third party service providers, vendors, suppliers and business associates and other third parties in order to conduct and carry out the operation of our business such as:
- third parties who provide services and financing in connection with our products and services;
- information technology vendors who provide technology and data services to us (including third party storage providers);
- professional advisors and consultants (such as legal, insurance and financial advisors); and
- entities conducting marketing and business analysis, such as third party providers undertaking surveys on our behalf.
Disclosure outside Australia
As detailed above, in some circumstances Deutsche Bank may disclose your personal information to entities located outside Australia including our own related bodies corporate, third party service providers and business associates.
There are certain safeguards which must be met before we are allowed to transfer your personal information outside Australia. Generally, we are required to take reasonable steps to ensure your personal information is treated securely and in accordance with applicable privacy laws. In some circumstances we may disclose your personal information to an overseas recipient where you have provided your consent or we are otherwise required or permitted to do so by law.
Deutsche Bank is a global company with operations in many countries across the world. The entities to which your personal information may be disclosed by Deutsche Bank may be located in (without limitation) Germany, Luxembourg, Hong Kong, China, India, the Philippines, Singapore, the United Kingdom and the United States.
Storage and security
Personal information which we hold may be stored by Deutsche Bank or by third party service providers on our behalf. We use up-to-date techniques and processes to ensure the personal information which we hold is secure and is protected from misuse, interference, loss or unauthorised access, modification or disclosure. Access is restricted to employees of the Deutsche Bank group and those who perform services on our behalf, who are authorised to handle personal information.
Stored electronic communications will only be accessed by specific people in defined roles (e.g. supervisors/managers, compliance personnel, legal officers) where it is reasonably necessary for one of the purposes referred to above. Every step of this process is logged in an audit trail, and all copies of electronic communications will be destroyed at the end of the applicable retention period.
We will only keep your personal information for as long as is necessary for the purposes set out in this Policy or as required to comply with any applicable legal obligations. Where personal information we hold is no longer necessary for any purpose for which Deutsche Bank may use or disclose it, we will delete the information or permanently de-identify it, unless we are legally required to keep it.
Using and disclosing personal information for direct marketing (and how to opt out)
We may use or disclose your personal data for direct marketing purposes such as informing you about our services and products, upcoming promotions and events, or other opportunities that may interest you (including the products and services offered by other Deutsche Bank entities), or as otherwise allowed under applicable laws.
We may communicate with you (and we may send electronic messages and tailored advertising to you) using various communication channels, such as email, SMS or social media (including through targeted advertisements on certain websites and social media channels).
If you do not want to receive direct marketing communications from us, you can opt-out at any time by contacting us using the contact details below, using the opt-out facility on the direct marketing communication, or adjusting your device settings and online privacy settings.
If you opt-out of receiving direct marketing material from us, we may still contact you if we are required or permitted by law to do so, or in relation to our ongoing relationship with you.
Use of Website
Deutsche Bank may also collect information about you through your use of the Deutsche Bank Australia website (“Site”). For example we may log the following details when you use the Site: your server address; operating system; top level domain name and the type of browser you use; date and time of your visit to the Site; whether you have visited the Site previously; what pages of the Site you accessed; and, what you download.
Any information we collect through your use of the Site may be used to help us improve the Site by tailoring it to better suit your needs and to provide quicker and more effective access to the various components of the Site. If you email us with a suggestion, comment or query we will use the personal information provided to respond to you. We may also use or disclose information gathered via your use of the Site to other persons for these purposes or for related purposes, including to information technology companies, located locally or overseas, who assist us in constructing, designing and maintaining the Site.
Please be aware that other websites that may be accessed via our Site may collect personally identifiable information about you. The information practices of those third-party websites are not covered by this Policy and we are not responsible for information published on, or the privacy practices of, any third-party websites. You are solely responsible for maintaining the secrecy of your passwords or any account information. Please be careful and responsible whenever you are online.
We may use “cookies” while you are visiting our Site. Cookies are small files which are stored on your hard drive. There are two different types of cookies. Session cookies are temporary and erased when you close your browser. Persistent cookies remain on your hard drive until you erase them or they expire. We may use persistent cookies to recognise previous visitors when they return but only the cookie on your computer is identified. Most web browsers can be set to prevent you from receiving new cookies, notify you before accepting cookies or disable cookies altogether. The instructions for this can often be found via your browser’s Help function. You can delete cookies already on your hard drive at any time. If you choose to disable cookies, this may result in a reduced availability of the services provided when you use our Site.
Accessing and correcting your personal information
You can request access to the personal information that we hold about you at any time by contacting us using the details below. Deutsche Bank will respond to such a request within a reasonable time, and will try to give you full access to personal information in the manner you have requested, unless there is a legal or administrative reason we cannot do so. In some cases we may charge a reasonable fee for providing access.
Deutsche Bank takes reasonable steps to ensure that the personal information it collects, uses and discloses is accurate, up to date, complete, relevant and not misleading. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you and informing us of any change in your personal details (for example, if your email address changes or if you change address).
You may also request that the personal information we hold about you be corrected to ensure it remains accurate, up to date, complete, relevant and not misleading (again, please contact us using the details below). After receiving a request from you, we will take reasonable steps to correct your information. There is no charge payable in connection with a request for correction.
We may decline your request to access or correct your information in certain circumstances. If we do refuse your request, we will provide you with a reason for our decision. In addition, if we refuse your request for correction, we will include a statement about your request with the personal information we store.
Please contact us if your personal information changes or if you believe that the personal information we hold is no longer accurate or complete.
You may contact us at any time if you have any questions or concerns about this Policy or about the way in which your personal information has been handled.
You can make a complaint if you believe that Deutsche Bank has breached its obligations under the Privacy Act or has failed to comply with this Policy. Any complaint should be made in writing and sent to our Head of Compliance using the contact details below. The Head of Compliance will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve your complaint.
If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint and endeavour to complete our investigation promptly. We may ask you to provide further information about your complaint and the outcome you are seeking.
Deutsche Bank will review and respond to your complaint as soon as possible, and generally within 30 days. If the matter is more complex or our investigation may take longer, we will let you know.
If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner (“OAIC”), the Australian privacy regulator. The OAIC will generally only consider your complaint if you have first written to us and given us a reasonable opportunity to resolve your complaint (usually 30 days).
The OAIC can be contacted by telephone on 1300 363 992 to make a complaint about our handling of your personal information. Full contact details for the Office of the Australian Information Commissioner can be found online at www.oaic.gov.au.
You can contact us by phone, email or by post using the contact details below if you would like to:
· access, update or correct your personal information held by Deutsche Bank;
· request more information about how we handle personal information or any privacy issues; or
· make a complaint in relation to privacy:
Deutsche Bank AG
Attention: Head of Compliance
Postal address: GPO Box 7033, Sydney NSW 2001
Phone: (+61) 2 8258 1234