This current policy was updated in January 2023 and may change over time.
We provide consumers and small businesses with fair, free and independent dispute resolution for complaints about financial firms.
We collect, hold, use and disclose your personal information to carry out our functions and activities as an external dispute resolution scheme. Our Rules and Operational Guidelines set out how we deal with complaints and confidentiality requirements.
Use of your personal information
We will use your personal information to primarily resolve financial complaints that are lodged with us. We may also use your personal information for our other functions and activities such as:
- Our investigative obligations in relation to systemic issues and serious contraventions.
- Monitoring compliance with industry codes of practice.
- Meeting our reporting obligations to regulators and other government agencies.
- Complying with all applicable laws.
- Improving our services.
- Managing any employment application you make with us.
There are three ways that we collect information.
- You give it to us. Most of your personal information (including sensitive information1) is provided by you directly or your authorised representative when you lodge a complaint with us. This can include your name, email, address, date of birth and/or phone number. You may also provide personal information when you use our web chat. We will also usually collect personal information if you apply for a job at AFCA or if you subscribe to our mailing lists.
- Your financial firm gives it to us. To resolve your complaint, your financial firm may provide us with information on your behalf.
- We get it from other sources. Sometimes we may need to collect personal information from other people and organisations when we are dealing with a complaint, assisting regulators or seeking to improve our services.
- For example, we may receive information from a third party, (such as a credit reporting body) or a publicly available source, that we need in order to deal with a complaint.
- Our Rules provide that certain regulators or government agencies, including ASIC and the ATO, may provide us with protected information from time to time. We are required to maintain the protected nature of that information.
- We may also collect information through our website, surveys and social networking services such as publicly available pages on Facebook, LinkedIn, Twitter and YouTube. For example, we may use this information to improve our website and receive feedback from the community.
- We use Campaign Monitor, Eventbrite and Vimeo to manage our mailing lists, event registrations and livestreams of events.
Managing your personal information
We may store your information in hard copy or electronic format. We keep information in secure systems that we own and operate ourselves, or that are owned and operated by our contracted service providers.
We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold and we require our contracted service providers to do the same.
We endeavour to ensure that personal information is kept as current as possible and some data is deleted or made anonymous when appropriate. Some personal information may be retained for varying time periods in order to comply with legal and regulatory obligations and for other legitimate business reasons.
We only share personal information for the agreed purpose that we collected the information.
To ensure we can resolve complaints fairly and effectively, we disclose information to the financial firm about your complaint and, where relevant, affected third parties for certain superannuation complaints. We may disclose your information to your authorised representative and other parties when you ask us to do so.
We may also share personal information with other parties if permitted or required by law (such as sharing information with regulators).
We may share personal information with contracted service providers (including cloud storage providers with servers located in Australia) for the purposes of running our operations and providing our services.
Accessing your personal information
We are not a government department or agency. This means we are not subject to the Freedom of Information (FOI) Act.
You do have the right, however, to request access to your personal information under the Privacy Act. We will give you access to your personal information that we hold unless there are legal reasons why we can’t.
What information can you obtain?
Any privacy access request that you make is limited to only personal information about you. Full copies of complaint files or information about others will not be provided in response to your request.
If we can’t give you access, we will tell you why in writing or we will redact the information we cannot give you. If you have concerns, you can make a complaint.
To make a privacy access request, email us at firstname.lastname@example.org. We will need to verify your identity before giving you access. There is no fee to ask for your information, but sometimes we may charge you an administrative fee to recover our costs for providing access to your personal information.
Correcting your personal information
Contact us if you think there is something wrong with the personal information we hold about you. As an alternative to your AFCA contact, you can email your correction request at email@example.com. We will need to verify your identity before making any changes to the personal information we hold.
If you are worried that we have given incorrect information to others, you can ask us to tell them about the correction.
You can complain to us here if you have a concern about how we have handled your personal information or your personal information access request. If you submit a complaint about our service, your concerns will be handled in accordance with our Service Complaints & Feedback Policy.
If your complaint isn’t satisfactorily resolved, you may complain to the Office of the Australian Information Commissioner (OAIC). We will explain this all clearly to you in writing, if applicable.
How to contact us
- Email firstname.lastname@example.org
- Call 1800 931 678, or
- Post: AFCA Privacy
Australian Financial Complaints Authority
GPO Box 3
Melbourne VIC 3001
- Other assisted contact options are also available.
- Interpreter Service 131 450
- National Relay Service
- Voice Relay 1300 555 727
- TTY 133 677
- SMS Relay 0423 677 767
1 Sensitive information is information or an opinion about a person’s racial or ethnic origin, political opinions, membership of political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual orientation or practices, criminal record, health information, genetic or certain biometric information.