Skip to main contentSkip to navigation

PaidIt Privacy Policy

About us

PaidIt means CBA New Digital Businesses Pty Ltd (NDB), a wholly owned subsidiary of the Commonwealth Bank of Australia (CBA). PaidIt is a service that securely verifies individuals' identity and collects their bank account details digitally.

In this Privacy Policy, 'we', 'us' or 'our' refers to PaidIt.

At PaidIt, we are committed to protecting the personal information of individuals with whom we deal. PaidIt is responsible for the collection and handling of your personal information in accordance with the Privacy Act 1988 (Cth). This Privacy Policy outlines how we can collect, use, hold and disclose your personal information.

Please read through this Privacy Policy carefully prior to using the PaidIt service. The personal information we seek to collect about you is necessary for the service we provide. If you do not provide us with all of the information we require, we may not be able to deliver our service to you.

We update our Privacy Policy when things change. We will let you know if there are any changes to this Privacy Policy.

1. How do we collect your information?

We collect information about you when you use our products or services, or deal with us. We may also collect information about you from other people and organisations.

The ways we collect information from you

We collect personal information when you:

  • enquire about or use our products or services
  • contact us to make an enquiry or give us feedback
  • use our digital services
  • participate in other activities we offer, such as feedback surveys
  • talk to us or do business with us

The ways we collect your information from others

We also collect personal information about you from others, such as:

  • information we receive from our corporate clients (i.e., the company responsible for paying your dividends) when we receive a request from them to verify your identity and bank account details; and
  • third-party service providers, who assist us in completing our digital identity and bank account verification.

2. What information do we collect?

We may collect the following types of personal information:

Types of personal information

What kinds of personal information might be involved:

a) Personal and contact details This may include your full name, other previous names, address, phone number and email address.

b) Financial information Information such as your bank account details and dividend amount.

c) Interaction information We may collect details of your interactions with us, such as when you use our online service, email us to make an enquiry, provide feedback, or make a complaint.

d) Digital information We collect information from you electronically when you use our online service, such as:

  • IP address
  • Information about your location, such as general geographic location that we may derive from your IP address

3. How do we use your information?

Here is a list of ways we may use your personal information:

a) Serving you as a customer We use your information to deliver our products and services, including to:

  • Verify your identity and bank details.
  • Share your verified information with the company responsible for paying your dividends.
  • Contact you, for example if we need to tell you something important, request customer feedback, or tell you about products or services we think may be of interest to you.

b) Managing our operations We use your information to manage our operations, including to:

  • Deliver our products and services (see Section 4 'Who do we share your information with' below for further detail).
  • Handle your inquiries and communicate with you on your inquiries or complaints.

c) Improving our business We use your information to improve the products and services we provide through activities such as:

  • Reviewing customer feedback and assessing how you use our products and services.
  • Conducting research and analytical activities (like de-identifying data to form aggregated insights), that allow us to develop our Website and App.
  • Sharing deidentified insights with our service partners to improve the delivery of our product and service.
  • Conduct internal system development testing and analysis.

d) Managing security, risk and crime prevention We use your information to:

  • Manage our risks and help identify and investigate any illegal activity, such as fraud.
  • Support the management of our information security and network controls to prevent cyber-attacks, unauthorised access and other criminal or malicious activities.

e) To comply with our legal obligations Where required, we use your personal information to comply with the law, including our regulatory obligations, including to:

  • Share relevant information with law enforcement agencies, tax authorities and other regulatory bodies.

If you do not provide us with the information in whole or in part, we may not be able to provide you with our products and services.

f) Using data Improvements in technology enable organisations, like us, to collect and use information to get a more integrated view of users and provide better products and services. We may combine user information with information available from a wide variety of external sources to analyse the data in order to gain useful insights.

4. Who do we share your information with?

We may share your information with third parties for the reasons noted in 'How do we use your information' or where the law otherwise allows or requires us to. These third parties can include:

  • Our external service providers that we engage to perform services for us;
  • External organisations in circumstances where we are required or authorised by law, or with your consent;
  • Our financial advisers, legal advisers or auditors;
  • Regulatory bodies, government agencies and law enforcement bodies in any jurisdiction; and
  • External dispute resolution schemes.

We may also provide personal information about you to external organisations in circumstances where we are required or authorised by law, or with your express consent.

We may share aggregate data on the performance with our parent company, the Commonwealth Bank of Australia Group.

5. Keeping your information safe

We take great care with the information we hold about you. Our aim is to ensure that details are securely protected from misuse, interference, and unauthorised access, modification or disclosure. We take great care to make sure that we keep your information in an accurate, complete and up-to-date manner.

The period of time we keep your information will depend on the type of information we hold about you. Generally, your information will be retained while we have an ongoing relationship and for a period of time as required under specific legislation relating to the type of information held.

6. Accessing, updating and correcting your information

You can access the personal information we hold about you by contacting us at complaints@x15.com.au. There is no fee to ask us for your personal information. We try to make your personal information available within 30 days after you ask us for it, but we will let you know if we need more time. Before we give you the information, we will need to confirm your identity. In some cases, we may refuse access or only give you access to certain information. If we do this, we'll write to you explaining our decision.

It is important for us, and for you, that the information we hold is accurate and up to date. If your information isn't correct or needs updating, let us know straight away so we can assist you in updating your information.

7. Making a privacy complaint

We try to get things right the first time – but if we don't, we'll do what we can to fix it. If you are concerned about your privacy, you can make a complaint by emailing us at complaints@x15.com.au and we'll do our best to sort it out.

If your complaint is about how we handle your personal information, you can also contact the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner (OAIC)

Website: www.oaic.gov.au

Ph: 1300 363 992

Postal address: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW, 2001

8. Contact Us

Please contact us if you:

  • Have a concern about the handling, use or disclosure of your personal information;
  • Would like further information about the way we manage the personal information that we hold;
  • Wish to access or update your personal information; or
  • Have any other query or concern

You can contact us via email at complaints@x15.com.au

Our registered business address is:

CBA New Digital Businesses Pty Ltd Commonwealth Bank Place South Level 1 11 Harbour Street Sydney NSW 2000