Privacy Policy

The Code Compliance Monitoring Committee (the CCMC) is an independent compliance monitoring body established under clause 36 of the 2013 Code of Banking Practice (the Code).

Purpose of the Policy

This Policy is intended to ensure that the privacy of individuals is protected in the collection, use, disclosure and storage of personal information by the CCMC.

The Policy

1. The CCMC has developed this privacy policy to meet the requirements of the the Privacy Act 1988 (Cth) (the Act) and the Australian Privacy Principles in  relation to the collection, use, disclosure and storage of personal information provided by individuals to the CCMC.

  • A copy of the Australian Privacy Principles is available on the website of the Office of the Australian Information Commissioner (OAIC).
  • The OAIC’s guidance on the Australian Privacy Principles is available here.

2. The CCMC will also comply with its Privacy and Confidentiality obligations under the Code and the CCMC Mandate as they apply to information provided to it by Code subscribers and parties to CCMC investigations.

  • A copy of the 2013 Code and CCMC Mandate are available on the CCMC’s website here.

3. The CCMC will take reasonable steps to ensure that the employees, consultants, independent contractors or agents of the CCMC will abide by the obligations under this Policy.

A copy of this Privacy Policy is available on the CCMC’s website and will be provided free of charge to anyone who asks for it.

Functions and Activities of the CCMC

The Australian Privacy Principles require the CCMC to include certain information in this Policy. This information is provided below.

In accordance with  Australian Privacy Principle 1.4(c), the collection, use and disclosure of personal information by the CCMC will be done for the purpose of carrying out its functions and activities. The key functions of the CCMC are set out in the Code and the CCMC Mandate and include:

  • investigating and determining allegations from any person that a code subscribing bank (the bank(s)) has breached the Code;
  • monitoring banks’ compliance with the Code, including initiating its own Inquiries into banks’ compliance with the Code; and
  • monitoring aspects of the Code referred to the CCMC by the Australian Banking Association (the ABA).

The CCMC will seek the consent of an individual before disclosing that person’s personal information to a third party. In most cases the disclosures will be limited to the relevant bank about which an individual has lodged a Code compliance concern to the CCMC.

The CCMC may provide information to individuals about the functions, activities and jurisdiction of the CCMC and information about other entities that may assist the individual.

Personal Information

In accordance with Australian Privacy Principle 1.4(a), the personal information that the CCMC may collect and hold about an individual includes:

  • names;
  • addresses;
  • telephone numbers;
  • email addresses;
  • dates of birth; and
  • gender.

In accordance with Australian Privacy Principle 1.4(b), the CCMC collects personal information in the following ways:

  • by email;
  • by written correspondence;
  • via an online form published on the CCMC’s website
  • by telephone or in person; and
  • fax.


The personal information of persons who engage with the CCMC will be securely stored:

  • in electronic form on the CCMC’s computer systems; and
  • as physical document files in locked cabinets.

Anonymity and pseudonymity

In accordance with Australian Privacy Principles 2 and 5.2(e), individuals may choose not to identify themselves, or to use a pseudonym, when dealing with the CCMC. However where this occurs the CCMC may not be able to carry out some or all of the functions for which personal information is required, including investigating an allegation, where certain personal information has not been provided.

Individuals who contact the CCMC by telephone are not required to disclose their identity, but may be asked to provide non identifying information such as their postcode for statistical purposes.

Overseas recipients

In accordance with Australian Privacy Principles 1.4(f), 1.4(g) and 5.2(i), the CCMC is unlikely to disclose personal information to overseas recipients without the permission of the individual unless the disclosure is required by an Australian law or a court/tribunal order.

Contacting the CCMC

In accordance with Australian Privacy Principle 1.4(d), any individual who wishes to gain access to personal information held by the CCMC about themselves or seek a correction to that information should write to the Chief Executive Officer of the CCMC.

In accordance with Australian Privacy Principle 1.4(e), a complaint about a breach of the Australian Privacy Principles by the CCMC can be made to the Chief Executive Officer who will investigate the complaint and provide a timely response.

The contact details for these purposes are as follows:

The Chief Executive Officer

Code Compliance Monitoring Committee

P.O. Box 14240


VIC 8001

Telephone: 1800 931 678 (ask for the Code Compliance and Monitoring team)