Last update: January 27, 2023

This Privacy Policy applies to information collected by The Bank of New York Mellon, acting through its Australia Branch and its related body corporates that are incorporated in Australia ("BNY Mellon" or "we"). Each entity to which this Privacy Policy applies is listed below:

  • The Bank of New York Mellon, Australia Branch (ARBN 084 066 419)
  • BNY Mellon Australia Pty Limited (ACN 113 947 309)
  • BNY Trust (Australia) Registry Limited (ACN 000 334 636)
  • BNY Trust Company of Australia Limited (ACN 050 294 052)
  • BTA Institutional Services Australia Limited (ACN 002 916 396)
  • GT Australia Nominees Limited (ACN 003 646 062)
  • Permanent Custodians Limited (ACN 001 426 384)
  • Eagle Investment Systems Australia Pty Limited (ACN 604 847 323)
  • Milestone Group Pty Ltd (ACN 083 166 616)

This Privacy Policy outlines how we manage your personal information and safeguard your privacy in relation to that personal information.


At BNY Mellon, we recognise that you are concerned about privacy and the security of your personal information. Your privacy is important to us and we are bound by the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APP”). This Privacy Policy sets out our policy on how we collect, hold, use and disclose your personal information.


1. What personal information is collected and held?


BNY Mellon only collects and holds personal information that is reasonably necessary for us to perform our functions. Our functions consist principally of wholesale banking, and corporate trustee services such as acting as a trustee for securitised lending programs. If you do not provide the information that we ask, we may not be able to provide the products or services you have requested.


We may collect personal information such as your name, address, phone number or any other information that may be required for identification purposes or for client relationship management purpose. We may also collect other information such as details of a loan or security that you have provided to us when we act as the trustee for a lending program.


From time to time, we may also collect personal information about individuals such as company directors or guarantors whom we may deal with. There may be other circumstances where we may collect personal information from contractors who are contracted to perform services for us or persons who apply for employment with us. The information that we collect may, in addition to information listed above, include contact details, educational qualifications and information about your past work history.


When we collect personal information from you as required by law, we will use such steps as are reasonable in the circumstances to advise you of this. BNY Mellon only collects personal information by lawful and fair means.


Where we act as a custodian or trustee, we may also collect and hold credit information or credit eligibility information in relation to you.


We have included an additional statement about our practices in relation to credit information and credit eligibility information in the Schedule to this Privacy Policy.


2. How personal information is collected and held


BNY Mellon collects your personal information in a number of ways including:

  • directly from you, such as when you provide the information by phone, email or in an application form for a job vacancy at BNY Mellon or when you deal with us as a key contact or employee of a wholesale client;
  • from other persons involved in trusts for which we act as a trustee or custodian (for example managers and originators involved in a lending program);
  • from other BNY Mellon group companies.

Where we collect information from other persons about you, we will take such steps as are reasonable in the circumstances to let you know that we hold personal information about you (for example by asking that any loan application form includes a statement about us collecting your information).


We may hold information in our own right, or in a more limited capacity as the trustee of a trust.


Where we hold information as a trustee, this means we may be subject to obligations only to use and disclose that personal information for the purposes of the relevant trust. It also means that the relevant manager that manages the operations of the trust on a day-to-day basis will also hold your personal information. When we accept appointment to act as a trustee, we require the relevant manager to comply with the law relating to privacy when they deal with your personal information.



We may also collect limited personal information about you using cookies, web beacons and similar technologies ("Cookies") placed on your browser by our software application when you use our websites. A Cookie will not contain information that will enable us to contact you via telephone, e-mail, or other means but may for example, collect your IP address for information security and data analytics purposes. For further information please see our Cookie Policy.


3. What if you do not provide certain information?


If you provide us with incomplete information, we may not be able to provide you with the product or service until the documentation / information request is complete.


If you do not provide us with all relevant identity verification documents, or adequately satisfy electronic identity verification requirements, we may not be able to provide you, or continue to provide you with the product or service.


In particular as a provider of financial and credit service and products in Australia we have obligations under the Anti-money Laundering and Counter-Terrorism Financing Act 2006 (Cth) to collect certain information about persons to whom we provide our services (including account signatories, directors and beneficial owners). If we do not collect this information, we may not be permitted by law to provide those services.


4. Use and disclosure of your personal information


BNY Mellon may use or disclose your personal information for the primary purpose of providing the products and/or services requested, as well as for related purposes such as:

  • to verify your identity or transactions which you may enter into with us;
  • to administer and manage the provision of our products and services;
  • to respond to queries, complaints or to provide you with our general customer services;
  • to provide you with offers of other BNY Mellon products or services;
  • to comply with laws and regulatory requirements including complying with any request made by a governmental authority in connection with legal proceedings or the prevention or detection of fraud and crime;
  • to comply with BNY Mellon's risk management policies and procedures;
  • perform trustee services or act as a custodian;
  • conducting due diligence as part of a pre-employment screening or client on boarding; or
  • to train our staff.

We will not, however, use your personal information other than for:

  • a purpose made known to you;
  • a purpose you would reasonably expect;
  • a purpose required or permitted by law; or
  • a purpose otherwise authorised by you.

Depending on the circumstances, the types of people to whom we may disclose personal information include:

  • our related bodies corporate (including other entities to which this Privacy Policy applies);
  • our professional advisors and consultants such as lawyers and auditors;
  • our insurers;
  • other persons involved in a trust where we act as trustee or custodian (including financial institutions, originators or persons providing finance); or
  • service providers.

5. Use of service providers


Your personal information may be disclosed to third parties in order to issue or provide you the product or service that you requested, when we have outsourced certain functions associated with such product or services and as required or permitted by law. Only information necessary for the service provider to carry out their function will be provided and will be subject to confidentiality clauses in the relevant services agreement.


6. Changes to personal information


Changes to your personal information can happen from time-to-time and we ask that you keep us informed of any changes by notifying us in writing. We may also ask you to review, confirm and advise us of changes to your personal information.


7. Storage and security of information


BNY Mellon stores personal information in a combination of computer storage facilities, paper-based files and other records. We will take reasonable steps to protect personal information from loss, misuse, unauthorised access, modification or disclosure.


We will also ensure that any service providers (including managers or trusts) that we deal with also take such steps.


Where practicable, we aim to keep your information only for as long as required to fulfil the purposes for which your information was collected, used or disclosed, and to meet our legal and regulatory obligations. When we no longer require your information, we will take reasonable steps to destroy or de-identify your information in line with our corporate retention schedules.


Where BNY Mellon is aware that there are reasonable grounds to believe there has been unauthorised access to, unauthorised disclosure of, or a loss of personal information that BNY Mellon holds, and is likely to result in serious harm to persons concerned in the personal information accessed, disclosed and/or lost, then a notification to the persons concerned and Office of the Australian Information Commissioner (“OAIC”) might be required pursuant to the Privacy Act 1988. Such disclosure would include a description of the data breach and the kinds of information concerned, but would not include the personal information.


8. Access and correction


You have a right to access the personal information that we hold about you (subject to some exceptions). You can contact our Privacy Officer (details below) to make a request. Generally, BNY Mellon will, after verifying your identity, provide you with access within a reasonable time frame, to your personal information that we hold, unless a particular exception applies, such as where:

  • it would be unlawful to provide the information;
  • providing access would be likely to prejudice an investigation of possible unlawful activity;
  • it would pose a serious and imminent threat to the life or health of any individual; or
  • the request is frivolous or vexatious.

If a request for access would divulge a commercially sensitive decision-making process, then BNY Mellon may provide an explanation rather than direct access to the information.


If your request relates to information about a trust or lending program for which we act as a custodian or trustee, we may not hold all of the information about you that is relevant to that trust or lending program. The relevant manager of that trust with whom you deal with on a day-to-day basis may hold more information than we do. We may need to refer your request to the relevant manager to respond to your request. You may prefer to make your application directly to the relevant manager. For example, for a lending program, the manager is the person that you have day to day contact for the administration of your loan. If you are not sure who the manager is, we can provide you with the details of that manager to assist you in an access request.


We will respond to your request within a reasonable period. Before granting you access we may ask you for proof of your identity or any authorisation that you hold to obtain access.


9. Correction


You may also seek correction of the personal information that we hold about you. You may do so by contacting the Privacy Officer below.


If you are able to establish personal information that BNY Mellon holds is inaccurate, incomplete or out-of-date, then we will amend it and respond to your request within a reasonable time. If you and BNY Mellon disagree about the accuracy, completeness or currency of our records, then you have the right to request that we note your disagreement on those records under the APP.


As with access requests, if the information that we hold about you is in relation to a trust of lending program then the relevant manager of that program may hold more information than we do. We may need to refer your request to the manager. You are free to make your correction request directly to that manager if you prefer.


10. Identifiers


BNY Mellon does not use any government-issued identifiers (such as Tax File Numbers) for use as its own identifier.


11. Anonymity


Given legal requirements on financial institutions to identify their customers, we would be unable to allow you to transact with us on the basis of anonymity. However, access to the BNY Mellon public website, and some other interactions with us may be done anonymously and you may make general enquiries about our products and services on an anonymous basis if you so choose.


12. Cross-border disclosure of personal information


BNY Mellon may transfer personal information within BNY Mellon, to related body corporates, regulators and unaffiliated service providers in locations beyond Australia (including, but not limited to, the United States, India, the United Kingdom, Belgium, Singapore, Hong Kong and other members of the European Union) in the course of storing that information and when using or disclosing it for one of the purposes referred to above. When transferring personal information to foreign jurisdictions, BNY Mellon will only do so where the recipient is subject to binding requirements similar to those in Australia or where we are satisfied that the recipient will not use the personal information except in a manner that is consistent with our obligations under the Privacy Act.


13. Openness and changes to this Privacy Policy


This Privacy Policy sets out BNY Mellon's policies on the management of personal information and is subject to change from time to time. For example, there may be a change in the law or its interpretation or we may change the way that we carry on our business. We will seek to update this Privacy Policy in a timely manner should a change occur.


The last date on which this policy was updated was 23 January 2023.


14. Contacting us and complaints


If you would like more information about how we manage your personal information, please contact us on +61 2 9260 6019, or write to us at the following address:


BNY Mellon
Privacy Officer
Level 2, 1 Bligh Street
Sydney NSW 2000

If you wish to raise any concerns about mishandling of your personal information under this Privacy Policy or the APP, please contact our Privacy Officer in writing via email or post. We will make every effort to resolve your complaint internally. In order to assist you with the complaint, we ask you to:

  • identify yourself
  • give any identification or reference number(s), if relevant
  • give a brief description of the matter what happened, when it happened and any consequences and why you think your personal information has been mishandled
  • what you’d like us to do to resolve the matter
  • provide your contact details so that we can respond to you

We will use our best endeavours to respond and resolve any complaint to your reasonable satisfaction. If you are unhappy with our response, you may lodge a complaint with the OAIC, please contact the OAIC's hotline service on 1300 363 992. Further information may also be available from the OAIC website



If your complaint relates to a breach of privacy in relation to a lending program or trust you may wish to take your complaint directly to the relevant manager. You may also have rights to take your complaint to an external dispute resolution scheme where credit is involved. This may depend on the particular lending scheme in question. Your loan documents, the manager's website or the manager will have more information about external dispute resolution options that may be available to you.


Use of our web site


Please refer to the following website page of information about use of our website and cookies.


Residents of foreign countries


If you are a resident of a country other than Australia, you may have other rights in relation to privacy and data protection according to the legislation of that country.


If you are a resident of the European Economic Area (the EEA), the General Data Protection Regulation will confer rights to you in relation to your personal information. These rights include the right to access, rectify/erase and restrict the processing and use of your personal information.


Please refer to the following website page for a privacy notice which applies to you if you are a resident of the EEA and which provides further information about those rights.


Schedule to Privacy Policy - Additional statements with respect to credit information and credit eligibility information


What credit information and credit eligibility information do we collect and hold?


Credit information and credit eligibility information are particular types of personal information that are subject to separate regulation under the Privacy Act. This statement applies in respect of these categories of information.


We may collect, hold, use or disclose credit information and credit eligibility about individuals.


This is usually only in relation to a lending program where we have agreed to act as the trustee. Depending on the particular program or the circumstances this may include information that you have provided in your loan application, information about that has been obtained from a credit reporting body (this is sometimes called credit eligibility information), information about your obligations under the loan and whether or not you are meeting your obligations under a loan.


Credit eligibility information may include identification information, information about your current liabilities, repayment history or defaults (each in respect of consumer credit) and other information (including publicly available sources like court proceedings or personal insolvency information) that a credit reporting body is entitled to disclose to a credit provider. We do not usually derive information from credit eligibility information although we may hold information that a loan manager has derived from credit eligibility information such as a credit score.


We may not hold all of these types of information. Sometimes we will only hold basic categories of this type of information (with more detailed information being held only by the relevant loan manager).


We will require that relevant loan managers manage this information in accordance with the requirements of law. This includes the specific provisions of the Privacy Act that deal with credit information and credit eligibility information. It also includes any provisions of the Privacy (Credit Reporting) Code 2014 (“Credit Reporting Code”) that may apply to that information.


How can you find out about credit reporting bodies with credit information may be exchanged?


The extent to which we or a loan manager may hold credit eligibility information or exchange credit information with a credit reporting body will vary according to the type of loan, the particular lending program or the particular circumstances.


We will ask the relevant loan managers to take reasonable steps to advise you about the involvement of a credit reporting body. This information may be available in your loan documents, your loan application form or from your loan manager. We suggest that you contact your loan manager in the first instance if you have any questions (for example if you wish to contact the relevant credit reporting body to see its privacy policy or to request access to or correct of information that the credit reporting body holds about you).


Why do we use or disclose this information?


We only use or disclose credit information or credit eligibility information about you for the purposes of the lending program to which it relates. This may include use and disclosure that is for the purposes of considering loan suitability and for the administration and enforcement of loans.


Request for access and correction


You may make a request to access or correct credit information or credit eligibility information that we hold (if any) about you by using the contact details for our Privacy Officer (see our Privacy Policy). We will always ask you to provide evidence of your identity before we grant you access to credit eligibility information.


We will normally need to consult with the loan manager to consider your requests. Alternatively, you may wish to make an access or correction request directly to the loan manager. Often this will be a quicker and more effective way of making a request for access and correction because the loan manager will usually hold more information than us.


You may have different rights than those contained in the APP in relation to access to or correction of credit eligibility information. For example, where you request a correction to credit information we may be required to consult with another interested party (such as a credit reporting body or another credit provider) to consider your request. We may also have obligations to advise previous recipients of the information about a correction that we make. You also have a specific right to appoint a person to seek access credit eligibility information on your behalf.


We will comply with any higher standards or requirements that are applicable for access to or correction of credit eligibility information (including any requirements contained in the Credit Reporting Code). For example, in most cases we will try to respond to your request within 30 days.


We will advise you if we cannot agree to your request for access or correction.




You may make a complaint to us if you consider that we have not complied with our obligations under any applicable law relating to credit information or credit eligibility information (including any provisions of the Credit Reporting Code that apply to us). Please see our general Privacy Policy about how to make complaints.


Cross border disclosure


The Australia Branch of BNY Mellon is an international bank which carries on business in Australia. We may transfer personal information to our home office or related bodies corporate and service providers in locations beyond Australia (including, but not limited to, the United States, India, the United Kingdom, Belgium, Singapore, Hong Kong and other members of the European Union) in the course of storing that information and when using or disclosing it for one of the purposes referred to above. We may be required by law to disclose some personal information to regulatory authorities in those jurisdictions.


Where we disclose information to an overseas recipient, we will take such steps as are reasonable to ensure that:


(a) any related body corporate that is located overseas will not use or disclose that information except in circumstances where we would be entitled to use or disclose it (or for a purpose that is permitted by law); and


(b) where the disclosure is made to assist in assessing or management of credit the credit eligibility information is only used or disclosed by that person for such purposes.


We will also take reasonable steps to ensure that the overseas recipient does not breach the provisions of the APP to the extent that they apply to us in relation to the information.