DATA PROTECTION NOTICE
1. Your personal information
Your personal information (such as information that identifies you or can be used to identify you, for example your name, date of birth and contact details) is protected by the Australian Privacy Act 1988 (Cth) (the Privacy Act). This Data Protection Notice explains how we will use your personal information. This includes personal information we obtain from you, your employer or other parties, as well as information about your use of the account, your card and any transactions made with your card (including the date and amount of such transactions) and our communications with you.
For the purposes of the Privacy Act, Bank of America, National Association is the data controller in respect of your personal information and references to "we", "us" or "our" in this Data Protection Notice are references to Bank of America, National Association.
If you wish to contact our data controller, please email Global Card Services at email@example.com.
2. How we use your personal information
We will process and record your personal information:
- to administer your card and account and provide services to you;
- to facilitate transactions;
- to comply with the rules of any relevant card scheme;
- to carry out, monitor and analyse our business;
- as part of the sale, merger or similar change of our or any Bank of America Corporation business;
- to comply with any laws, rules or regulations (including anti-corruption and bribery laws, anti-terrorism laws and anti-money laundering laws) in any country; and
- to detect, prevent and investigate fraud.
In processing your personal information, we may transfer it outside of Australia to other countries, including the United States of America. We are responsible for making sure that any such transfer is made in compliance with the Privacy Act.
If the necessary personal information is not obtained, we may not be able to provide you with your card or related services.
3. Recipients of your personal information
We may disclose your personal information (including details of your transactions) to:
- any person or company working for us (including professional service organisations such as legal, audit and accounting service providers, technology and data processing companies and IT hosting providers);
- any of our group companies, offices or branches;
- your employer or any group company of your employer;
- any person or company that provides products or services to you or your employer in connection your card or account (including International SOS and Mastercard);
- any person to whom we transfer or may transfer any of our rights or duties under the agreement we have with your employer;
- any payment system under which we issue your card or account; and
- any institution, court, agency or authority (including law enforcement authorities) to whom we are required to disclose it by law including, without limitation, anti-terrorism and anti-money laundering laws and regulations, and for the purpose of fighting crime and terrorism.
If you have given false or inaccurate information or we suspect fraud we will record this and may pass this information to fraud prevention and law enforcement agencies.
If any payment in relation to the account is processed through a worldwide payment system, information about you may be passed to certain authorities (including authorities outside Australia) in order to detect and prevent terrorism.
4. How long we will keep your personal information
We will keep your personal information for no longer than is necessary for the purposes described in this Data Protection Notice or to meet legal and regulatory requirements.
5. Your rights in respect of your personal information
You have certain rights under the Privacy Act, including the right to request a copy of the personal information we hold about you and seek the correction of such information and the right to request a copy of our data protection policies and practices. Our Australia Privacy Statement contains information about how to request access to and correction of personal information, how to complain of a breach of the Privacy Act, and how complaints are handled.
To request a copy of your personal information or our data protection policies and practices, please email Global Card Services at firstname.lastname@example.org. The requested information shall be provided free of charge within the limit of one request per year.
If you have any questions about this Data Protection Notice, or if you wish to access, update or correct your personal information or withdraw your consent to the processing of your personal information in accordance with this Data Protection Notice, please email Global Card Services at email@example.com. Please note that if you withdraw consent, we may still be permitted to hold and process some of your information as required or permitted by law. Additionally, upon your withdrawal of such consent, we will immediately terminate your card.
DPN Australia (v4) November 2016