Privacy Policy

Version 1.0 15/01/2024

Truyu Privacy Policy  

Version 2.0 01/04/2024   

  1. About us 

Truyu means CBA New Digital Businesses Pty Ltd (NDB), a wholly owned subsidiary of the Commonwealth Bank of Australia (CBA). You can find information about Truyu on the Truyu website at http://www.truyu.com.au

  1. Your privacy is important to us 

At Truyu, we understand how important it is to keep any personal information we have, including about visitors browsing the Truyu Website http://www.truyu.com.au  (“Website”) or the Truyu app (“App”) and registered members of the Website or the App private, protected and safe. We are committed to protecting the personal information of individuals with whom we deal. 

You can be confident that we comply with the Privacy Act 1988 (Cth) (Privacy Act). This Privacy Policy outlines how we can collect, use, hold and disclose your personal information. 

Please read through this Policy carefully prior to using the Truyu Website or the App. The personal information we seek to collect about you is necessary for the service we provide. If you do not provide us with all of the information we require, we may not be able to deliver our service to you. 

We update this Policy when things change. You can always find the most up-to-date version through the Website or the App. 

  1. How do we collect your information? 

We collect your personal information directly from you most of the time, however on occasion, we may also collect information about you from other people and organisations. 
 

We collect personal information when you: 

  • onboard to use our products and services
  • enquire about or use our products or services 
  • contact us to make an enquiry or give us feedback 
  • visit our website or use our digital services 
  • participate in other activities we offer, such as feedback surveys or customer offers in relation to other CBA products and services 
  • talk to us or do business with us.

 

  1. What information do we collect? 

We usually collect the following types of personal information: 

Identity Information 

When you register for a Truyu account, we may collect identification information such as: 

  • Your full name and date of birth; 
  • Your contact details, such as your email address and phone number
  • Your identity documents, such as your driver’s licence or passport details; and
  • Your address

Sensitive information 

Our service provider, GBG, will collect an image of your face and images of your identification documents (such as driver’s licence or passport), for biometric identification purposes. This information will only be used to verify your identity when you register for identity usage monitoring so that we can make sure the ID your monitoring belongs to you. We do this to protect you against identity fraud. GBG will delete these images after 7 days. We'll always ask you for your permission to collect these images. For more information, view GBG’s Privacy Policy

Information required to provide service 

Data Breach Alerts

We collect your email address directly from you. We also collect information from service partners about whether your email address has appeared in a data breach.

ID Alerts

We collect your name, date of birth, and address directly from you to provide ID Alerts and match you with an existing credit file for monitoring. If a match is successful, we also collect your credit file history, which we immediately delete. When Experian notifies us of a credit enquiry or a new account opened on your credit file, we collect the date of the alert, the name and industry of the merchant, and the credit limit requested or opened.

Interaction information  

We may collect details of your interactions with us, such as when you email us to make an enquiry, provide feedback, or make a complaint 

Digital Information 

When you access the Website or the App, we collect your location information, IP address, mobile device and network information. The recording of such information enables us to optimise the App for our users, without identifying them. 

If you access the Website or the App, we will only store your personal information if you input it into the Website or the App through an online form, e.g. when you sign up, or email us.  

How safe and secure is the information we hold about You?

We take great care with the information We hold about You. Our aim is to ensure that any details are securely protected from misuse, interference and loss, and unauthorised access, modification or disclosure. We will take reasonable care to make sure that We keep Your information in an accurate, complete and up-to-date manner.

What about online security?

The Website and the App is professionally hosted and operates in a secure environment. The Website and the App uses encryption techniques to enhance Your privacy and security when using the Website and the App. You should however be aware that there is always an inherent risk in transmitting Your personal information via the internet.

How long do we keep information about You?

We will hold Your information for as long as You are an active member of Our service and Our service remains available. Upon termination of your subscription, We will remove your personal information immediately. Upon deletion of your account, We will remove Your account from Our service immediately. Experian may continue to send Us credit-related updates during this time.

We may also retain database backups which may contain personal information We have collected from You under this Privacy Policy. This information may be retained for the purposes of complying with applicable laws or for Our own security policies. We may continue to retain de-identified information for analytical and reporting purposes.

Your personal information and authority for us to act as your access seeker will be retained until the end of your subscription. If you no longer wish for us to hold your information, or wish to withdraw the authority for us to act as your access seeker, you may ask us to delete your personal data by contacting us at contact@truyu.com.au. Truyu will take reasonable steps to destroy or de-identify this data unless there is a business or legal requirement for us to retain it. 

  1. How do we use your information? 

Here is a list of ways we may use your personal information: 

Serving you as a customer 

We use your information to deliver our products and services, including to: 

  • Share your details with our service partners who assist us in providing our alerting services to you (see ‘Who do we share your information with’ below for further detail). 
  • Contact you, for example if we need to tell you something important, request customer feedback, or tell you about products or services we think may be of interest to you. 

Managing our operations 

We use your information to manage our operations, including to: 

  • Service your account with us including using third party providers (see ‘Who do we share your information with’ below for further detail). 
  • Handle your inquiries and communicate with you on your inquiries or complaints. 

Improving our business 

We use your information to improve the products and services we provide through activities such as: 

  • Reviewing customer feedback and assessing how you use our products and services. 
  • Conducting research and analytical activities (like de-identifying data to form aggregated insights), that allow us to improve our Website and App. 
  • Sharing insights with our service partners to improve the delivery of our product and service. 
  • Conduct internal system development testing and analysis. 

Managing security, risk, compliance and crime prevention 

We use your information to: 

  • Establish and verify your identity. 
  • Comply with our legal and regulatory obligations and assist government and law enforcement agencies or regulators. 
  • Support our administrative purposes and any other purposes permitted by law. 
  • Manage our risks and help identify and investigate any illegal activity, such as fraud.  

If you do not provide us with the information in whole or in part, we may not be able to provide you with our products and services. 

Using data 

Improvements in technology enable organisations, like us, to collect and use information to get a more integrated view of users and provide better products and services. We may combine user information with information available from a wide variety of external sources to analyse the data in order to gain useful insights. 

Do we use information for direct marketing? 

We may use personal information we collect about you to provide direct marketing offers for Truyu products and services, which we think, may be of interest to you, unless you tell us not to by opting out at any time. Opt-out may be in the form of an email or other electronic means.   

  1. Sending data overseas 

We may send your information to recipients located overseas, including to service providers and other third parties who operate or hold data outside Australia.  The purposes for which we may send your data overseas include for identity verification purposes, managing customer service, reporting and analytical purposes, and system development testing purposes. 

When we send your information overseas, it is likely to be the United States of America, these service providers include Twilio and SendGrid. If this happens, we require such organisations to have the appropriate data handling and security arrangements in place to ensure compliance with this Policy and the law. 

  1. Cookies and analytics 

What are cookies? 

Cookies are text files that are downloaded to your computer or mobile device when you access a website. As you browse, cookies gather and store some information about the way you use that website.  

Cookies allow the website to recognise your device each time you visit, providing you with a better experience because the site learns your preferences as you browse. Some types of cookies also perform essential functions to enhance how the site works.  

How we use cookies on the Website and the App 

Cookies are used on the Website to track your journey through the Website. The type of cookie we use collects no personal information at all. This simply allows us to see at a glance which pages and information are of most interest to visitors and members. Most browsers can be configured to refuse to accept cookies. You can also delete cookies, however, doing so may hinder your access to valuable areas of information within the Website. 

The App uses your device’s information, such as your device ID, and uses local secure storage to remember your login details. To delete your device information, you will need to delete or uninstall the App from your device or clear your local storage. 

Google Analytics Advertising Features and the cookies it uses 

We use Google Analytics features based on Display Advertising. You can opt-out of Google Analytics Advertising Feature by using the Google Ad Settings within the web-browser (https://adssettings.google.com/). In addition, you can use the Google Analytics Opt-Out Browser Add-on (https://tools.google.com/dlpage/gaoptout/ ) to disable tracking by Google Analytics. 

We use Google Analytics Demographics and Interest-Reporting to understand the spread of age ranges, gender, and geographic locations of Our users. This enables Us to tailor the Website, content and Our marketing around Our users’ interests. 

We may use “Remarketing” with Google Analytics and other platforms such as Facebook Retargeting to advertise online. This will utilise different cookies. Third-party vendors, including Google, Facebook and media agencies, show Our ads on websites across the internet. These third-party vendors use the cookies on Our Website to inform, optimise and serve ads based on Your past visits to Our Website. 

For further information about how Google Analytics collects and processes information, please refer to "How Google uses information from sites or apps that use our services", (located at https://policies.google.com/technologies/partner-sites ). 

  1. Who do we share your information with? 

We disclose personal information to third parties for the reasons mentioned in ‘How do we use your information?’. The types of third parties are listed below: 

  • Our parent company, the Commonwealth Bank of Australia and other members of the CommBank Group.
  • Our service partners including GBG, HaveIBeenPwned and Experian; 
  • Our suppliers, agents, associates, contractors and external service providers including SendGrid and Twilio; 
  • Our financial advisers, legal advisers or auditors; 
  • Regulatory bodies, government agencies and law enforcement bodies in any jurisdiction; and 
  • External dispute resolution schemes;

We may also provide personal information about you to external organisations in circumstances where we are required or authorised by law, or with your express consent. 

We will share aggregate data on the performance of the Website and the App and user behaviour analytics with our parent company, the Commonwealth Bank of Australia Group, this may include subsidiaries located outside Australia. 

  1. Keeping your information safe  

We take great care with the information we hold about you. Our aim is to ensure that details are securely protected from misuse, interference, and unauthorised access, modification or disclosure service. We take great care to make sure that we keep your information in an accurate, complete and up-to-date manner. 

The Website and the App are professionally hosted and operate in a secure environment. The Website and the App use encryption techniques to enhance your privacy and security when using the Website and the App. You should however be aware that there is always an inherent risk in transmitting your personal information via the internet, including by email. 

The period of time we keep your information will depend on the type of information we hold about you. Generally, your information will be retained while we have an ongoing relationship and for a period of time as required under specific legislation relating to the type of information held. 

  1. Accessing, updating and correcting your information 

Refer to Clause 4 and 5 on information we collect and store from You. You can contact Us if you have specific questions pertaining to your information. There is no fee to ask Us for Your personal information. We try to respond to Your personal information requests within 30 days after You ask Us for it. Before We give You the information, We will need to confirm Your identity. In some cases, We may refuse access or only give You access to certain information. If We do this, We’ll write to You explaining Our decision.

If You wish to access a copy of Your full free Experian credit report, please visit Experian’s website at http://www.experian.com.au .

We might contact You periodically or prompt You to update Your personal information when You log into the App. You can find information on how to contact Us under the Contact Us section of this Privacy Policy.

If You wish to update any information We hold about You, please delete your account and create your account using Your updated information.

If You think there is a mistake with Your credit reporting information, then it is important to first check Your credit report which You can obtain from Experian. If any details are wrong, You can ask either Experian or Your credit provider to have them corrected. 

Other important information 

Changes to the privacy policy 

Sometimes we update our Privacy Policy. Any modifications will be effective immediately upon posting the amended Privacy Policy on the Website or the App. We may contact you or notify you when you log into the Website or the App that there have been changes to our Privacy Policy. You can always find the most up-to-date version on the Website http://www.truyu.com.au  

  1. Making a privacy complaint 

We try to get things right the first time – but if we don’t, we’ll do what we can to fix it.  If you are concerned about your privacy, you can make a complaint by emailing us at complaints@truyu.com.au and we’ll do our best to sort it out.  

Once the complaint has been received, we’ll look into the issue and try to resolve it as soon as possible.  If we can’t we’ll write to you to let you know how we’ll manage the complaint. 

If your complaint is about how we handle your personal information, you can also contact the Office of the Australian Information Commissioner (OAIC): 

Office of the Australian Information Commissioner (OAIC) 

Website: www.oaic.gov.au 

Ph: 1300 363 992 

Postal address: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW, 2001 

  1. Contact Us 

Please contact us if you: 

  • Have a concern about the handling, use or disclosure of your personal information; 
  • Would like further information about the way we manage the personal information that we hold;  
  • Wish to access or update your personal information; or 
  • Have any other query or concern  

You can contact us via email at contact@truyu.com.au 

Our registered business address is: 

CBA New Digital Businesses Pty Ltd 

Commonwealth Bank Place South 

Level 1 

11 Harbour Street 

Sydney NSW 2000