Privacy Notification

Privacy and Protection of Information

Respecting your personal information and keeping your information confidential is important to us.  Please contact us if you have any questions or comments about our privacy policies and procedures. We welcome your feedback.

You can contact us by:

Privacy Notification

This notification covers Medfin Australia Pty Ltd ABN 89 070 811 148 (Medfin), the National Australia Bank Ltd ABN 12 004 044 937 and its related companies (the Group). It includes all the banking, financing, funds management, financial planning, superannuation, insurance, broking and e-commerce organisations in the Group.  We are grateful for the trust and confidence you have in us to safeguard your privacy. The notification tells you how we collect your information, what we use it for and who we share it with.  It also points out some key features of our Privacy Policy available at By providing personal information to us, you consent to the collection, use and disclosure of your information in accordance with this Notification and any other arrangements that apply between us.

Your personal information

If you are an individual, “personal information” means any information or an opinion about you, or could be reasonably identified as information or an opinion about you, whether or not it is true or in a recordable form.  When we refer to “you” in this notice, we may refer to you as an Applicant, Borrower or Guarantor (as individuals and commercial entities, as the case may be).

How we collect information from you

We’ll collect your personal information from you directly whenever we can, for example when you fill out a form with us, when you’ve given us a call, used our websites (including via cookies) or mobile applications or dropped into one of our branches (see our Cookies Policy for more information). Sometimes we collect your personal information from third parties.  You may not be aware that we have done so.  If we collect information that can be used to identify you, we will take reasonable steps to notify you of that collection.

How we collect your information from other sources

Sometimes we collect information about you from other sources. We may collect information about you that is publicly available (for example from public registers or social media), or made available by third parties (such as credit reporting bodies or Intermediaries, such as brokers or aggregators). We do this where:

  • we distribute  or arrange products on behalf of others, including our business partners;
  • we can’t get hold of you and need to update your contact details;
  • we need information from third parties about an application you make through us;
  • we need information for fraud prevention purposes;
  • we are checking the security you are offering;
  • we can learn insight about your financial needs, such as through property information;
  • you have consented to third parties  sharing it with us, such as organisations we have loyalty programs with or we sponsor;
  • at your request, we exchange information with your legal or financial advisers or other representatives.

We may use or disclose information about you in order to combine the information that we hold with information collected from or held by external sources.

When the law authorises or requires us to collect information

We may collect information about you because we are required or authorised by law to collect it. There are laws that affect financial institutions, including company and tax law, which require us to collect personal information. For example, we require personal information to verify your identity under Commonwealth Anti-Money Laundering law.

How we use your information

We use your information to provide you with the product or service you asked for, and for other purposes including:

  • giving you information about a product or service including financial help, guidance and advice;
  • considering whether you are eligible for a product or service, including identifying or verifying you or your authority to act on behalf of a customer;
  • processing your application and providing you with a product or service;
  • administering the product or service we provide you, which includes answering your requests and complaints, varying products and services, conducting market research, and managing our relevant product portfolios;
  • telling you about other products or services that may be of interest to you, or running competitions and other promotions (this can be via email, telephone, SMS, iM, mail, or any other electronic means including via social networking forums),  unless you tell us not to;
  • identifying opportunities to improve our service to you and improving our service to you;
  • determining whether a beneficiary will be paid a benefit;
  • assisting in arrangements with other organisations (such as loyalty program partners) in relation to a product or service we make available to you;
  • allowing us to run our business and perform administrative and operational tasks (such as training staff, risk management; developing and marketing products and services, undertaking planning, research and statistical analysis; and systems development and testing);
  • preventing or investigating any fraud or crime, or any suspected fraud or crime;
  • as required by law, regulation or codes binding us; and
  • for any purpose for which you have given your consent.

You can let us know at any time if you no longer wish to receive direct marketing offers from the Group. We will process your request as soon as practicable. Where you have subscribed to something specific (like to hear from one of our sponsored organisations) then these subscriptions will be managed separately. If you no longer wish to receive these emails click the unsubscribe link included in the footer of our emails.

Credit Information and our Statement of Notifiable Matters
Your credit information

Your “credit information” means your credit-related personal information (not including sensitive information) and includes:

  • your identification information;
  • consumer credit liability information;
  • repayment history;
  • a statement that an information request has been made about you by a credit provider, or a mortgage or trade insurer;
  • whether you applied for consumer or commercial credit and the amount of credit you applied for;
  • default, serious credit infringement or payment information;
  • new arrangement information;
  • court proceedings or personal insolvency information;
  • publically available information about your creditworthiness (that is not court proceedings or held in the National Personal Insolvency Index).
How we use your credit information

In addition to the ways for using personal information mentioned above, we may also use your credit information to:

  • assess your creditworthiness;
  • to assess the validity of your identification information (these checks help us verify whether your identity is real and are not a credit check);
  • enable a mortgage insurer or title insurer to assess the risk of providing insurance to us or to address our contractual arrangements with the insurer;
  • assess whether to accept a guarantor or the risk of a guarantor being unable to meet their obligations;
  • consider hardship requests; and
  • assess whether to securitise loans and to arrange the securitising of loans.
We exchange your credit information with credit reporting bodies (CRBs)

When we’re checking your credit worthiness and at other times, we might share your credit information with CRBs. The CRBs we deal with are:

Equifax Australia
Telephone  :  13 83 32
Online form  :
Website :
Post :  GPO Box 964, North Sydney NSW 2059

Telephone  :  13 23 33
Online form  :
Website :

Telephone  :  1300 783 684
Online form  :
Email  :
Website  :

Things you should know about your credit information (our Statement of Notifiable Matters)

When we exchange your personal information to CRBs:

  • the CRB may include the information in reports provided to other credit providers to assist them to assess your credit worthiness;
  • if you fail to meet your consumer credit payment obligations or commit a serious credit infringement, we may be entitled to disclose this to the CRB;
  • our policy about the management of credit-related personal information is found in our Privacy Policy available at;
  • you have the right to access your information held by us, to ask us to correct the information or to make a complaint about how we have managed your credit- related personal information;
  • you have the right to ask a CRB not to use your credit reporting information for the purposes of pre-screening of direct marketing by a credit provider; and
  • you have the right to request the CRB not to use or disclose credit reporting information about the individual, if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud.
Our Credit Reporting Policy

Our Credit Reporting Policy is found in our Privacy Policy available at and contains information about:

  • how we manage your credit information;
  • how you can access or correct the credit eligibility information we hold about you (this includes credit reports and the information we derive from those reports); and
  • how you can raise a complaint about our management of your credit information (and how we will deal with the complaint).
What happens if you don’t provide your information to us?

If you don’t provide your information to us, we may not be able to:

  • provide you with the product or service you want;
  • manage or administer your product or service;
  • personalise your experience with us;
  • verify your identity or protect against fraud; or
  • let you know about other products or services from our Group that might better meet your financial, e-commerce and lifestyle needs.
Sharing Your Information

We may share your information with other organisations for any purposes for which we use your information. For the avoidance of doubt, this includes sharing your information obtained through any online forms where you have consented or requested that your personal information be shared with a third party.

Sharing with the Group and our Intermediaries

We may share your personal information with other Group members and our Intermediaries. This could depend on the product or service you have applied for and the Group member or Intermediary you are dealing with.  Where appropriate, we integrate the information we hold across the Group to provide us with a complete understanding of you and your needs, including giving you access to the Group or related products you hold via Internet Banking.

Sharing with Joint Applicants, Joint Borrowers and Guarantors

We and our Intermediaries may exchange your personal information with your joint Applicants or joint Borrowers (and their authorised legal representatives) to process the Application and to administer your finance contract.

If you are a Guarantor, in order to decide whether to accept your guarantee and to administer the guaranteed finance contract, we and our Intermediaries may exchange your personal information with:

  • any of the Applicants or Borrower under the finance contract that you may guarantee or have guaranteed;
  • any joint Guarantor; and
  • their authorised legal representatives.

Information about a Guarantor that we share with an Applicant, Borrower, or joint Guarantor will not include Credit Eligibility Information (that is, information derived from credit reporting information we obtain from a CRB).

Sharing at your request

We may need to share your personal information with your representative or any person acting on your behalf (for example, financial advisers, lawyers, settlement agents, accountants, executors, administrators, trustees, guardians, brokers, valuers or auditors) and your referee such as your employer (to confirm details about you).

Sharing with third parties

We may disclose your personal information to third parties outside of the Group, including:

  • those involved in providing, managing or administering your product or service, including our Intermediaries;
  • authorised representatives of the NAB Group who sell products or services on our behalf;
  • CRBs or other approved third parties who are authorised  to assess the validity of identification information;
  • identity verification providers (such as Eidentity), for the purposes of verifying your identity information under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth) and also under State and Territory property and electronic conveyancing laws;
  • insurance, investment, superannuation and managed funds organisations, and their advisers and service provider;
  • medical professionals, medical facilities or health authorities who verify any health information you may provide;
  • real estate agents, valuers and insurers (including lenders’ mortgage insurers and title insurers) , re-insurers, claim assessors and investigators;
  • brokers or referrers who refer your application or business to us;
  • other financial institutions, such as banks or other credit providers, as well as guarantors and prospective guarantors of your facility;
  • organisations involved in debt collecting, including purchasers of debt;
  • fraud reporting agencies (including organisations that assist with fraud investigations and organisations established to identify, investigate and/or prevent any fraud, suspected fraud, crime, suspected crime, or misconduct of a serious nature);
  • organisations involved in surveying or registering a security property or which otherwise have an interest in such property;
  • organisations we sponsor and  loyalty program partners, including organisations the NAB Group has an arrangement with to jointly offer products or has an alliance with to share information for marketing purposes;
  • companies we arrange or distribute products for, such as insurance products;
  • if you are a company, your related bodies corporate (for the purposes of better understanding or managing your relationship with them);
  • rating agencies to the extent necessary to allow the rating agency to rate particular investments;
  • any party involved in securitising your facility, including the Reserve Bank of Australia (sometimes this information is de-identified), re-insurers and underwriters, loan servicers, trust managers, trustees and security trustees;
  • service providers that maintain, review and develop our business systems, procedures and technology infrastructure, including testing or upgrading our computer systems;
  • payments systems organisations including merchants, payment organisations and organisations that produce cards, cheque books or statements for us;
  • our joint venture partners that conduct business with us;
  • organisations involved in a corporate re-organisation or transfer of NAB Group assets or business;
  • organisations that assist with our product planning, analytics, research and development;
  • mailing houses and telemarketing agencies and media organisations who assist us to communicate with you, including media or social networking sites;
  • other organisations involved in our normal business practices, including our agents and contractors, as well as our accountants, auditors or lawyers and other external advisers (e.g. consultants and any independent customer advocates);
  • government or regulatory bodies (including the Australian Securities and Investment Commission and the Australian Tax Office) as required or authorised by law (in some instances these bodies may share it with relevant foreign authorities); and
  • where you’ve given your consent or at your request, including to your representatives, or advisors.
Sharing outside of Australia

We run our business in Australia and overseas.  We may need to share some of your information (including credit information) with organisations outside Australia. Sometimes, we may need to ask you before this happens. You can view a list of the countries in which those overseas organisations are located at

We may store your information in cloud or other types of networked or electronic storage.  As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held.  If your information is stored in this way, disclosures may occur in countries other than those listed.

Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.

We do not share your credit information with CRBs located outside of Australia.  We are not likely to share credit eligibility information (that is, credit information we obtain about you from a credit reporting body or that we derive from that information) with organisations unless they have business operations in Australia.  However in the event Medfin seeks assistance from a related company such as NAB to manage defaulting loans, we are likely to share credit information about you with organisations outside Australia.   A list of countries in which those overseas organisations are located is set out above.

Accessing and correcting your Information

You can ask us to access or correct the information that we hold about you. You have special rights to access credit information we obtain about you from a CRB or what we derive from that information.  You can find out how to access your information (including your credit eligibility information) by reading our Privacy Policy,  available at or by calling 1300 728 718 and asking us for a copy.


If you have a complaint about a privacy issue, please tell us about it.  You can find out how to make a complaint (including special rights for credit information complaints) and how we will deal with these complaints, by reading our Privacy Policy, available at or by calling 1300 728 718 and asking us for a copy.

Contact Us

We care about your privacy.  Please contact us if you have any questions or comments about our privacy policies and procedures.  We welcome your feedback.

You can contact us by:

  • submitting an online Feedback or Complaints form via
  • calling Client Services on 1300 728 718
  • contacting your Relationship Manager on 1300 361 122


Electronic Communications Consent

Where you have agreed  to receive transaction documents and other information relating to your finance applications and agreements electronically (this is normally set out in our finance application forms where you have been asked to provide an email address, mobile number and consent by signing), the following arrangements apply to the electronic delivery:

  • We may give your transaction documents and information relating to your finance applications and agreements by sending them to your nominated email and SMS addresses for receiving electronic communications from us.
  • You must nominate a valid and unique email and SMS addresses for receiving electronic communications which is acceptable to us.
  • You are responsible for checking your nominated email and SMS addresses regularly for electronic communications from us.
  • We may make transaction documents and information relating to your finance applications and agreements available through the electronic documentation platform for a period of 30 days after we notify you of its availability to access and its purpose.
  • You will need to access the electronic documentation platform using the hyperlink and pass code we send to nominated email and SMS addresses to sign transaction documents and information relating to your finance applications and agreements which we send to you as electronic communications.
  • Any transaction documents or information relating to the Borrower’s finance applications and agreements that we send you as electronic communication may be signed by you on behalf of the Borrower by applying an electronic signature.
  • You must retain a record of each electronic communication we send you as your original counterpart on paper or a format in which the information is capable of being readily reproduced.

Where you have provided consent because you are authorised to act on behalf of an Applicant, Borrower or Guarantor, you:

  • warrant that you have been properly authorised to give this consent on behalf of the Applicant, Borrower or Guarantor and to nominate an email and SMS address for receiving communications electronically on behalf of the Borrower or Guarantor in relation to transaction documents and other information relating to the Borrower’s finance applications and agreements with us;
  • acknowledge on behalf of the Applicant, Borrower or Guarantor that it may no longer receive documents or information relating to its finance applications and agreements from us as paper documents; and
  • agree that you will regularly check your nominated addresses for electronic communications, documents and information sent by us relating to the Applicant, Borrower or Guarantor’s applications and agreements with us.

You may request a copy of information we sent you as electronic communication within 7 years after date the information is given.

Any information sent to you as electronic communication will be deemed to be received on the terms set out in the Customer’s finance agreements with us. We may continue to send transaction documents or information relating to the Borrower’s finance applications and agreements in paper form where it is mandatory or convenient for us to do so.

We can be contacted on 1300 361 122 during normal business hours to update any of these details or to revoke this consent.

Last updated 19 May 2021