Truyu Privacy Policy
Version 2.0 01/04/2024
Truyu means CBA New Digital Businesses Pty Ltd (NDB), a wholly owned subsidiary of the Commonwealth Bank of Australia (CBA). You can find information about Truyu on the Truyu website at http://www.truyu.com.au .
At Truyu, we understand how important it is to keep any personal information we have, including about visitors browsing the Truyu Website http://www.truyu.com.au (“Website”) or the Truyu app (“App”) and registered members of the Website or the App private, protected and safe. We are committed to protecting the personal information of individuals with whom we deal.
You can be confident that we comply with the Privacy Act 1988 (Cth) (Privacy Act). This Privacy Policy outlines how we can collect, use, hold and disclose your personal information.
Please read through this Policy carefully prior to using the Truyu Website or the App. The personal information we seek to collect about you is necessary for the service we provide. If you do not provide us with all of the information we require, we may not be able to deliver our service to you.
We update this Policy when things change. You can always find the most up-to-date version through the Website or the App.
We collect your personal information directly from you most of the time, however on occasion, we may also collect information about you from other people and organisations.
We collect personal information when you:
We usually collect the following types of personal information:
Identity Information
When you register for a Truyu account, we may collect identification information such as:
Sensitive information
Our service provider, GBG, will collect an image of your face and images of your identification documents (such as driver’s licence or passport), for biometric identification purposes. This information will only be used to verify your identity when you register for identity usage monitoring so that we can make sure the ID your monitoring belongs to you. We do this to protect you against identity fraud. GBG will delete these images after 7 days. We'll always ask you for your permission to collect these images. For more information, view GBG’s Privacy Policy.
Information required to provide service
Data Breach Alerts
We collect your email address directly from you. We also collect information from service partners about whether your email address has appeared in a data breach.
ID Alerts
We collect your name, date of birth, and address directly from you to provide ID Alerts and match you with an existing credit file for monitoring. If a match is successful, we also collect your credit file history, which we immediately delete. When Experian notifies us of a credit enquiry or a new account opened on your credit file, we collect the date of the alert, the name and industry of the merchant, and the credit limit requested or opened.
Interaction information
We may collect details of your interactions with us, such as when you email us to make an enquiry, provide feedback, or make a complaint
Digital Information
When you access the Website or the App, we collect your location information, IP address, mobile device and network information. The recording of such information enables us to optimise the App for our users, without identifying them.
If you access the Website or the App, we will only store your personal information if you input it into the Website or the App through an online form, e.g. when you sign up, or email us.
How safe and secure is the information we hold about You?
We take great care with the information We hold about You. Our aim is to ensure that any details are securely protected from misuse, interference and loss, and unauthorised access, modification or disclosure. We will take reasonable care to make sure that We keep Your information in an accurate, complete and up-to-date manner.
What about online security?
The Website and the App is professionally hosted and operates in a secure environment. The Website and the App uses encryption techniques to enhance Your privacy and security when using the Website and the App. You should however be aware that there is always an inherent risk in transmitting Your personal information via the internet.
How long do we keep information about You?
We will hold Your information for as long as You are an active member of Our service and Our service remains available. Upon termination of your subscription, We will remove your personal information immediately. Upon deletion of your account, We will remove Your account from Our service immediately. Experian may continue to send Us credit-related updates during this time.
We may also retain database backups which may contain personal information We have collected from You under this Privacy Policy. This information may be retained for the purposes of complying with applicable laws or for Our own security policies. We may continue to retain de-identified information for analytical and reporting purposes.
Your personal information and authority for us to act as your access seeker will be retained until the end of your subscription. If you no longer wish for us to hold your information, or wish to withdraw the authority for us to act as your access seeker, you may ask us to delete your personal data by contacting us at contact@truyu.com.au. Truyu will take reasonable steps to destroy or de-identify this data unless there is a business or legal requirement for us to retain it.
Here is a list of ways we may use your personal information:
Serving you as a customer
We use your information to deliver our products and services, including to:
Managing our operations
We use your information to manage our operations, including to:
Improving our business
We use your information to improve the products and services we provide through activities such as:
Managing security, risk, compliance and crime prevention
We use your information to:
If you do not provide us with the information in whole or in part, we may not be able to provide you with our products and services.
Using data
Improvements in technology enable organisations, like us, to collect and use information to get a more integrated view of users and provide better products and services. We may combine user information with information available from a wide variety of external sources to analyse the data in order to gain useful insights.
Do we use information for direct marketing?
We may use personal information we collect about you to provide direct marketing offers for Truyu products and services, which we think, may be of interest to you, unless you tell us not to by opting out at any time. Opt-out may be in the form of an email or other electronic means.
We may send your information to recipients located overseas, including to service providers and other third parties who operate or hold data outside Australia. The purposes for which we may send your data overseas include for identity verification purposes, managing customer service, reporting and analytical purposes, and system development testing purposes.
When we send your information overseas, it is likely to be the United States of America, these service providers include Twilio and SendGrid. If this happens, we require such organisations to have the appropriate data handling and security arrangements in place to ensure compliance with this Policy and the law.
What are cookies?
Cookies are text files that are downloaded to your computer or mobile device when you access a website. As you browse, cookies gather and store some information about the way you use that website.
Cookies allow the website to recognise your device each time you visit, providing you with a better experience because the site learns your preferences as you browse. Some types of cookies also perform essential functions to enhance how the site works.
How we use cookies on the Website and the App
Cookies are used on the Website to track your journey through the Website. The type of cookie we use collects no personal information at all. This simply allows us to see at a glance which pages and information are of most interest to visitors and members. Most browsers can be configured to refuse to accept cookies. You can also delete cookies, however, doing so may hinder your access to valuable areas of information within the Website.
The App uses your device’s information, such as your device ID, and uses local secure storage to remember your login details. To delete your device information, you will need to delete or uninstall the App from your device or clear your local storage.
Google Analytics Advertising Features and the cookies it uses
We use Google Analytics features based on Display Advertising. You can opt-out of Google Analytics Advertising Feature by using the Google Ad Settings within the web-browser (https://adssettings.google.com/). In addition, you can use the Google Analytics Opt-Out Browser Add-on (https://tools.google.com/dlpage/gaoptout/ ) to disable tracking by Google Analytics.
We use Google Analytics Demographics and Interest-Reporting to understand the spread of age ranges, gender, and geographic locations of Our users. This enables Us to tailor the Website, content and Our marketing around Our users’ interests.
We may use “Remarketing” with Google Analytics and other platforms such as Facebook Retargeting to advertise online. This will utilise different cookies. Third-party vendors, including Google, Facebook and media agencies, show Our ads on websites across the internet. These third-party vendors use the cookies on Our Website to inform, optimise and serve ads based on Your past visits to Our Website.
For further information about how Google Analytics collects and processes information, please refer to "How Google uses information from sites or apps that use our services", (located at https://policies.google.com/technologies/partner-sites ).
We disclose personal information to third parties for the reasons mentioned in ‘How do we use your information?’. The types of third parties are listed below:
We may also provide personal information about you to external organisations in circumstances where we are required or authorised by law, or with your express consent.
We will share aggregate data on the performance of the Website and the App and user behaviour analytics with our parent company, the Commonwealth Bank of Australia Group, this may include subsidiaries located outside Australia.
We take great care with the information we hold about you. Our aim is to ensure that details are securely protected from misuse, interference, and unauthorised access, modification or disclosure service. We take great care to make sure that we keep your information in an accurate, complete and up-to-date manner.
The Website and the App are professionally hosted and operate in a secure environment. The Website and the App use encryption techniques to enhance your privacy and security when using the Website and the App. You should however be aware that there is always an inherent risk in transmitting your personal information via the internet, including by email.
The period of time we keep your information will depend on the type of information we hold about you. Generally, your information will be retained while we have an ongoing relationship and for a period of time as required under specific legislation relating to the type of information held.
Refer to Clause 4 and 5 on information we collect and store from You. You can contact Us if you have specific questions pertaining to your information. There is no fee to ask Us for Your personal information. We try to respond to Your personal information requests within 30 days after You ask Us for it. Before We give You the information, We will need to confirm Your identity. In some cases, We may refuse access or only give You access to certain information. If We do this, We’ll write to You explaining Our decision.
If You wish to access a copy of Your full free Experian credit report, please visit Experian’s website at http://www.experian.com.au .
We might contact You periodically or prompt You to update Your personal information when You log into the App. You can find information on how to contact Us under the Contact Us section of this Privacy Policy.
If You wish to update any information We hold about You, please delete your account and create your account using Your updated information.
If You think there is a mistake with Your credit reporting information, then it is important to first check Your credit report which You can obtain from Experian. If any details are wrong, You can ask either Experian or Your credit provider to have them corrected.
Other important information
Changes to the privacy policy
Sometimes we update our Privacy Policy. Any modifications will be effective immediately upon posting the amended Privacy Policy on the Website or the App. We may contact you or notify you when you log into the Website or the App that there have been changes to our Privacy Policy. You can always find the most up-to-date version on the Website http://www.truyu.com.au
We try to get things right the first time – but if we don’t, we’ll do what we can to fix it. If you are concerned about your privacy, you can make a complaint by emailing us at complaints@truyu.com.au and we’ll do our best to sort it out.
Once the complaint has been received, we’ll look into the issue and try to resolve it as soon as possible. If we can’t we’ll write to you to let you know how we’ll manage the complaint.
If your complaint is about how we handle your personal information, you can also contact the Office of the Australian Information Commissioner (OAIC):
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Ph: 1300 363 992
Postal address: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW, 2001
Please contact us if you:
You can contact us via email at contact@truyu.com.au
Our registered business address is:
CBA New Digital Businesses Pty Ltd
Commonwealth Bank Place South
Level 1
11 Harbour Street
Sydney NSW 2000