Privacy Policy

Last Review: 16 September 2025

Who we are

We are China Merchants Bank Co., Ltd (ARBN 96 609 857 383, AFSL 498531) trading as China Merchants Bank, Sydney Branch and all branches of China Merchants Bank in Australia (collectively, CMBS, we, us, our).

 

 

About this policy

This Privacy Policy explains how we collect, share, use, and protect personal information in the course of our business, including when you visit or use our Online Banking Services. In this Privacy Policy:

 

Online Banking Services means CMBS App, our website and/or the online facility through which you may access the banking services via the internet from time to time made available and provided by CMBS. Such Online Banking Services may include viewing and accessing electronic statements, electronic forms, using the soft token to generate one-time passwords and applying for, acquiring, accessing and using products and services from time to time offered or provided by CMBS to you. Such Online Banking Services may be subject to such other, additional or supplemental terms and conditions as may be prescribed by CMBS from time to time in respect thereof.

 

CMBS App means the mobile application(s), which may be installed on certain of your mobile devices, through which you may access the banking services via the internet from time to time made available and provided by CMBS.

 

 

Our commitment to protecting your privacy

We understand how important it is to protect your personal information. We are committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Privacy (Credit Reporting) Code and any other legislation relevant to protecting your privacy.

 

What is “personal information”?

Personal information means information or an opinion about an identified, or reasonably identifiable, individual, whether or not that information is true or is recorded in a material form.

 

This is different from sensitive information which is information or an opinion about your racial or ethnic origin, political persuasion, memberships in trade or professional associations or trade unions, sexual preferences, criminal record, or health (including genetic and biometric information used for the purposes of automated biometric verification or identification, such as your facial biometrics through our digital applications).

 

Personal information may also include credit-related information. Credit-related information is information used to assess your eligibility to be provided with finance and may include an individual’s credit report, any finance that you have outstanding, your repayment history and any defaults. Usually, credit information is exchanged between credit and finance providers and credit reporting bodies.

 

How do we collect your personal information? 
Wherever we can, we will collect your personal information directly from you through our website, application forms including our online applications, promotions and campaigns. We may also collect your personal information from other people and organisations such as credit reporting bodies, finance brokers, introducers who introduce your business to us and other third parties such as accountants and lawyers.

 

We may also collect your sensitive information (in the form of your biometric information used for the purposes of automated biometric verification or identification) from our online applications if you sign up for our digital applications and services. We will only collect your sensitive information if we ask you for your consent beforehand.

 

We will generally rely on you to ensure that the information you provide to us is accurate and complete.

 

 

What types of personal information do we collect?

The kinds of personal information we may collect and hold include:

 

§ (Identity information) your name, date of birth, residential address, gender, marital status, nationality, place of birth and other government identifiers and verifying documents such as your driver’s licence or passport.

§ (Contact details) your phone number, facsimile and email address.

§ (Financial information) your bank account information, transactions relating to your account, your income, assets and liability information including loan account numbers, and financial statements.

§ (Our interactions with you) your history of transactions and interactions with us including timing and the content of any details you provided in updates, additional information, communications with customer support, providing feedback or raising a complaint.

§  (Job applications) if you apply for a job with us, we may collect certain information about you including information about your working history, and relevant records or checks from any recruitment consultant or from your previous employers, universities and others who may be able to assist us in our decision as to whether to make you an offer of employment. 

§ (Online behavioural data) the IP address of your devices or computer and any CMBS pages you visit (see section on ‘Cookies’ below).

§ (Device Information) certain device information including device model, manufacturer, operating system version, unique device identifiers, device name, and MAC address. This is used solely for security validation, fraud detection, and ensuring App compatibility.

§ (Tax information) your tax file number and other tax-related information (whether in Australia or overseas) including tax residency details.

§ (Marketing) information about how and when you respond to CMBS surveys or promotional material or any promotion or competition you apply for, or any CMB seminar you attend.

§ (Credit-related information) information about your creditworthiness (Only applicable to individual guarantors).  

§ (Audio and visual data) your image and videos, including facial recognition, may be collected if you visit our branches or access internet banking, and audio recordings if you call us.

§ (Social media) if we release articles or material on social media platforms, we may collect your information from your comments, responses or ‘likes’.

§ (Products and Services) Information about products and services we have provided to you; and

We may collect personal information where it is required or authorised by or under an Australian law or a court/tribunal order. In certain circumstances we may be required to collect your name, address, date of birth, and other verification information and verifying documents under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No.1) (Cth). If you have applied to provide a guarantee, and if you give us a security interest, we may collect certain identification information under property laws in some Australian states and territories or the Personal Property Securities Act 2009 (Cth). We may collect your tax file number if you choose to provide it as authorised by the Income Tax Assessment Act 1936 (Cth) and other taxation laws. We may also be required to request your tax residency status under information sharing agreements between the Australian Government and other countries, such as the agreement between Australia and the United States (US) under US law (Foreign Account Tax Compliance Act), that requires us to ask account holders of some products whether they are US citizens or US tax residents. If you are a tax resident of another country, the relevant treaty or law (such as the Common Reporting Standard under the Taxation Administration Act 1953 (Cth)) may require us to collect your relevant foreign tax identification number and tax residency status.

 

 

How do we hold your personal information?

We may hold your personal information either electronically or in hard copy (paper) form. We may retain your personal information in:

 

§ our physical files in branch or access restricted storage;

§ our computer systems, databases, and secured servers, cloud storage and the IT servers that may be located outside Australia.

We will take reasonable steps to protect your personal information by storing it in a secure environment. We will also take reasonable steps to protect any personal information from misuse, loss and unauthorised access, modification or disclosure.

 

 

What do we do with your personal information? 

We collect, use and hold your personal information for a number of reasons, but mainly to serve you as a customer, manage our business and operations and comply with our legal obligations.

The purposes for which we collect, use and hold your personal information are to:

§ assess your eligibility for our products and services;

§ provide, administer, monitor and evaluate and promote our products and services to you or to an entity which you represent;

§ manage and execute our internal business processes, including assessment of job applications;

§ verify your identity and complete anti-money laundering and counter terrorism checks;

§ comply with our internal and external legal and compliance requirements (including record retention requirements) and the requirements of law enforcement agencies or regulators, which may include complying with Australian, overseas and international laws;

§ detect, prevent and investigate illegal conduct such as fraud and scams;

§ investigate and resolve complaints and disputes and improve our products and customer experience;

§ manage our relationship with you, including to service your requests and to offer you products and services that may be useful or more suitable to you;

§ provide you with customer support and respond to your queries or request for assistance or complaint;

§ market our products and services to you, including providing you with information about new products, promotions, campaigns and competitions;

§ enhance our products and services, including developing and improving our products and services to better suit you;

§ meet our contractual requirements, or take steps to enter into prospective contractual requirements (such as a transfer of rights and obligations of any kind);

§ conduct appropriate checks for credit-worthiness (Only applicable for individual guarantors);

§ ensure safety and security of our premises and those working at or visiting our premises;

§ protect, maintain, test and upgrade our security mechanisms; and

§ meet any other purpose that is specified in our agreement with you.


We will hold your personal information for a period of time which is necessary and reasonable. We operate CCTV cameras at some of our premises. Images captured by our CCTV cameras are collected, used and stored for security and operational purposes, and to assist with any investigations relating to incidents at our premises.

 

 

Who do we disclose your personal information to?

Any personal information which we collect about you may be used by us for the purposes explained in the section above, or any related purposes.

 

We may disclose your personal information to:

§ our related bodies inside the CMB group;

§ any person for whom you have provided us with consent or who is authorised to act for you, such as finance brokers, lawyers and accountants, or people authorised to represent you, such as an attorney under a power of attorney or a manager under a financial management order;

§ assignees and prospective assignees of any obligations you owe us;

§ third parties to whom we are legally required to provide information, and regulatory bodies, government agencies, law enforcement bodies, courts and relevant dispute resolution schemes;

§ investors, agents or advisers, or any entity that has an interest in your finance or our business;

§ our agents, service providers and other organisations who assist us or partner with us in the management and administration of our services or provide us with other services connected to the provision of our products and services. These include:

o Payment service providers and other financial institutions for exchanging and processing your orders, payments, settling security and payment transactions and electronic transactions to banks and other financial institutions;

o Organisations involved in our funding arrangements;

o Organisations that assist us to identify, investigate or prevent fraud and other misconduct;

o IT service providers, who provide, service or maintain our online applications and website;

o our professional advisors, including auditor, legal, accounting and tax advisers;

o third party identity verification service providers who may assist us with verifying your identity to meet our legal requirements;

o external marketing service providers who may assist us with marketing and promotional activities, advertising, events and our communications and analytics; and

 

If you do not wish for us to use or disclose your information in any way, provided that it is not reasonably required to provide the products or services you ask for, or to satisfy our internal policies or legal requirements, you may ask us not to.

 

 

Overseas recipients

We may transfer and disclose your information overseas, including to the People’s Republic of China. This happens when we send information to CMB group members overseas or outsource functions overseas to provide you with the products and services you have requested, such as IT data warehousing. If we do this, we make sure there are arrangements in place to protect your information.

 

If you have provided your consent to us disclosing your personal information to overseas recipients without complying with APP 8.1, to the extent allowed by the APP, we may disclose your information to overseas recipients without taking reasonable steps to ensure the overseas recipient does not breach the APPs.

 

 

Direct marketing

You may have agreed to receive marketing offers from us when you applied or signed up to our products or services. If you do not want to receive marketing information from us, please let us know by contacting us using the details in the ‘Contact us’ section.

 

Credit-related information (Only applicable to individual guarantors)

We may collect, hold, use and disclose certain credit-related information about individuals in connection with our services. This credit-related information may be disclosed to credit reporting bodies, and includes information that identifies you, and credit eligibility information.

 

We may collect and hold any type of credit-related information about individuals which is permitted under the Privacy Act, including:

§ Permitted identity particulars

§ Details of relevant product or service

§ Confirmation of previous information requests to credit reporting bodies made by third parties

§ Details of other credit providers to the individual and the terms of those arrangements

§ Permitted payment default information, including information about related payment arrangements and subsequent repayments

§ Other repayment history information

§ Information about serious credit infringements (fraud)

§ Information about adverse court judgements

§ Publicly available information about the individual's creditworthiness

§ Certain insolvency information from the National Personal Insolvency Index; and

§ Any credit score or credit risk assessment indicating a credit reporting body's or credit provider’s analysis of the individual's eligibility for credit.

The information may be collected in a number of ways, such as obtaining it directly from you or from a person acting on your behalf.

We will use this information:

§ To assess an application by you, or a connected entity, for credit (including assessing any proposed guarantors);

§ To manage credit we may provide (including servicing and administration of our products);

§ To participate in credit reporting systems and provide information to credit reporting bodies as permitted by Part IIIA of the Privacy Act and the Credit Reporting Code;

§ For internal management purposes;

§ To assist you if we consider that you may be at risk of defaulting on your credit related obligations;

§ To undertake debt recovery and enforcement activities, including in relation to guarantors;

§ To meet legal and regulatory requirements (such as reporting matters to regulators or enforcement bodies);

§ To deal with complaints and legal proceedings;

§ To derive scores, ratings and other information relating to your credit worthiness which are used in our decision-making process; and

§ To assist other credit providers to do the same.

This credit information may be held by us in electronic form on our secure servers and may also be held in paper form. We may use cloud storage to store the credit information we hold about you.

We may disclose your credit information to CMB group, and to other overseas entities that provide support functions to us. These entities are located in the People's Republic of China. You may obtain more information about these entities by contacting us.

 

 

Cookies

Cookies are files with small pieces of data that are used to identify your devices or computer when you use our website or online applications and remember certain information about you. Some cookies are necessary for certain functions on our website, such as accessing online banking.

 

Other cookies allow us to analyse your online behaviour on our website and online applications (including your location, how you use our website and online applications and the products or services you may be interested in).

 

Third-Party SDKs

To facilitate the provision of the Online Banking Services, we may use the software development kit (SDK) provided by third-party service providers with corresponding business qualifications and capabilities to provide services for you, and the third-party service providers will collect the necessary information about you.

 

 

How to access, update and correct your information

You can contact us and ask to view your information. You have the right to ask to access, update and/or correct the personal information and credit-related information that we hold about you.

 

If you would like us to provide access, an update or a correction, we recommend that you:

§ contact us on the details below under ‘Contact us’ and set out the details of your access, update or correction request, including how you would like to access the information if you are requesting access;

§ comply with any requests we may have to verify your identity or the authority of your third-party representative (if you have one); and

§ allow us 30 days to respond to your request. Our response will set out our reasons for approving or denying your request.

Certain access requests may incur a charge for our administrative costs to retrieve your personal information. No charge will be imposed for a request to update or correct your information.

We will consider and assist customers with reasonable requests in relation to personal information. If you are unhappy with the outcome of your request, you may provide us with feedback or raise a complaint as explained under ‘Feedback and complaints’.

 

 

Feedback and complaints

If you have any feedback or wish to raise a complaint about the way we have managed your personal information or credit-related information (including a breach of the Australian Privacy Principles or the registered CR Code), please contact us using the details found under the ‘Contact us’ section.


We will use our best endeavours to respond to your complaint within 14 days. However, where the matter is complex, we will write to you and advise you that we may respond within 30 days.

 

If you are not satisfied with our response or handling of your complaint, you can contact the Office of the Australian Information Commissioner (OAIC) or the Australian Financial Complaints Authority (AFCA):  

 

Office of the Australian Information Commissioner 

By post:

GPO Box 5218, SYDNEY NSW 2001

By telephone:

1300 363 992 (10am to 4pm AEST, Monday to Thursday)

By online form:

www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us

Website

www.oaic.gov.au

 

Australian Financial Complaints Authority

By post:

GPO Box 3, Melbourne VIC 3001

By telephone:

1800 931 678 (9am to 5pm AEST, Monday to Friday)

By online form:

https://www.afca.org.au/make-a-complaint

Website

www.afca.org.au

 

 

Contact us

For all privacy-related matters, including access, correction and complaints, please contact the CMBS Compliance Officer on the details below:

 

CMBS Compliance Officer

By post:

Level 39, Governor Philip Tower, 1 Farrer Place, Sydney NSW 2000

By telephone:

(02) 7909 5555

By email:

sydney_gm@cmbchina.com

 

 

Validity and changes to our privacy policy

This Privacy Policy is valid from the date stated at the start of the policy and will be reviewed annually and from time to time.

 

We may vary this Privacy Policy from time to time by publishing the updated version on our website. Your use of the Online Banking Services following any changes to this Privacy Policy means that you accept the terms stated in the updated Privacy Policy.

 

You may request this Privacy Policy in an alternative form free of charge by contacting us.