1 Digital Identity Transactions

(a) We offer an “Identity Service” whereby you can request us to provide identity and attribute information (together Identity Data) about you to a third-party service provider so that you can conduct business with that third service provider (the Service Provider). Identity Data may include information such as your name, telephone number, email, date of birth or address.

(b) This service is only available where the eligibility criteria set out in section the section entitled “Eligibility” have been met, and where the Service Provider holds valid accreditation as part of the “ConnectID Network”.

(c) The “ConnectID Network” facilitates the transfer of Identity Data between us and Service Providers (each a Digital Identity Transaction). The ConnectID Operator does not access or hold your Identity Data and the transfer of Identity Data occurs directly from us to the relevant Service Provider.

(d) Any Digital Identity Transaction only occurs at your request, and any Identity Data will only be provided to the Service Provider selected by you and with your express consent. If you do not provide your consent, we will not perform the Digital Identity Transaction.

(e) Each Digital Identity Transaction is a one off-transfer of Identity Data, and any further transfers of Identity Data, including to the same Service Provider, will require further consent from you and a new Digital Identity Transaction.

Eligibility

We will only execute Digital Identity Transactions for you if:

(a) you have a digital account enabled with us;

(b) you are at least 18 years old; and

(c) we are confident that certain core identity data is current and correct.

2 Customer acknowledgments

(a) You acknowledge and agree that:

(i) any Digital Identity Transaction requested by you using the “Identity Service” is governed by these terms;

(ii) each time you request that we transfer your Identity Data to a Service Provider, you have ensured that the Service Provider’s request is valid and is made by a Service Provider that requires your Identity Data;

(iii) you will be asked by us to review the Identity Data to be transferred to the Service Provider, to verify its accuracy and expressly consent to such transfer;

(iv) where you consent to the transfer of Identity Data to a Service Provider:

(a) we cannot control and are not responsible for the security or handling of any Identity Data that has been transferred to the relevant Service Provider;

(b) the Service Provider’s use, storage and disclosure of your Identity Data is governed by their terms with you and their privacy policy, and not our terms with you or our Privacy Policy; and

(c) if the Service Provider suffers a security or data incident that impacts your Identity Data, you acknowledge the Service Provider may provide us information about such incident, including your Personal Information impacted by the incident, which we may use to seek to prevent or respond to cyber security incidents, fraud, scam activity or identify theft;

(v) We do not endorse or make any representations or recommendations in respect of any Service Providers, including in respect of the suitability of their security or privacy practices.

(vi) both us and the ConnectID Operator exclude all liability to you to the maximum extent permitted by law in connection with any acts or omissions of the Service Provider.

(a) The exclusions in this section that relate to the ConnectID operator are held on trust by us for the ConnectID Operator. This means that, although the ConnectID Operator is not a party to these terms, it can rely on your acknowledgement of and agreement to these exclusions.

(b) Please note that Digital Identity Transactions operate separately to requests made pursuant to the Consumer Data Right scheme. If you would like to learn more about how you may use the Consumer Data Right scheme please visit Open Banking.

3 Your Transaction Record

(a) If we participate in a Digital Identity Transaction relating to you, we will keep a record of Digital Identity Transaction processed or requested (even if not completed) (Your Transaction Record).

(b) Your Transaction Record is accessible by you via your consent transactions dashboard. For more information on how to access your consent dashboard please see ConnectID and your digital identity.

(c) Your Transaction Record contains the following information relating to each Digital Identity Transaction;

(i) the identity of the Service Provider;

(ii) the date of the transaction; and

(iii) the types of identity data shared with the Service Provider (if any).

(d) We will handle Your Transaction Record in accordance with our Privacy Policy.

(e) We may provide details in respect of Your Transaction Record to the ConnectID Operator in connection with their operation, administration and governance of the “ConnectID Network”, fraud detection and investigation purposes and for other purposes set out in the ConnectID Privacy Policy, opens in new window.

4 Withholding the service

Acting reasonably may withdraw or suspend the Identity Service, and we may also be unable to process a Digital Identity Transaction relating to you for a number of reasons, including if:

(a) you do not meet the eligibility requirements set out in the section entitled “Eligibility”;

(b) we have been unable to confirm the accuracy of Identity Data we hold about you or cannot meet the requirements for the Identity Data requested by the Service Provider;

(c) we suspect on reasonable grounds that any fraud (including identity fraud) or security incident has or may be occurring in connection with you, your account or the relevant Service Provider;

(d) our participation in the “ConnectID Network” has been suspended or terminated;

(e) we have restricted or blocked you from transacting with us in accordance with any of our applicable product terms and conditions;

(f) we reasonably believe that the Digital Identity Transaction requires intervention, for example because it relates to you as a vulnerable person; or

(g) the Service Provider that you wish to conduct business with:

(i) has made a request which is not consistent with the requests they are permitted to make as a participant in the “ConnectID Network”; or

(ii) provides services that you have elected to exclude yourself from in accordance with our processes for the same, for example if the Service Provider offers gambling services and you have blocked your account with us from being used for gambling transactions.

5 Fees

We will not charge you any fees to perform a Digital Identity Transaction for you, however we may receive a commission or other payment from the ConnectID Operator as a result of successfully executing the Digital Identity Transaction.

6 Access and updates to your Identity Data

(a) You can request access to, or correction of, your Personal Information held by us by contacting us in accordance with the procedures set out in our Privacy Policy.

(b) For clarity, where you update your record of Personal Information with us, this will not update your existing record with a Service Provider.

(c) If you have any suspicions of fraud in relation to your identity or account with us or any Digital Identity Transaction that you did not authorise, you must notify us as soon as possible.

7 Complaints

(a) If you have any complaints relating to our participation in a Digital Identity Transaction relating to you, visit nab.com.au/contact-us/feedback.

(b) If you wish to raise a dispute relating to a Digital Identity Transaction, visit Report fraud and scams.

(c) However, please note that if your complaint or dispute relates to activities of a Service Provider to whom you have requested we disclose Identity Data, we may direct you to contact that Service Provider directly.

8 Dictionary definitions

ConnectID Operator means eftpos Digital Identity Pty Ltd trading (ABN 80 648 970 101) as “ConnectID” or its Related Bodies Corporate (as this term is defined in the Corporations Act 2001 (Cth)).

ConnectID Privacy Policy means the privacy policy published by the ConnectID Operator, opens in new window as amended from time to time and that concerns the handling of Personal Information by the ConnectID Operator in connection with the “ConnectID Network”.

Digital Identity Transaction has the meaning given in section 1(c). Identity Data has the meaning given in section 1(a).

Personal Information means personal information, as that term is defined in the Privacy Law.

Privacy Law means the Privacy Act 1988 (Cth) [or as applicable] and any privacy legislation which applies to you from time to time in force in Australia.

Privacy Policy means our Privacy Policy as amended from time to time.

Service Provider has the meaning given in section 1(a).

We means National Australia Bank. Any other grammatical form of the word “we” has a corresponding meaning.

Your Transaction Record has the meaning given in section 3(a).

You means the customer, member, client, service recipient or other person that we provide services to from time to time. Any other grammatical form of the word “you” has a corresponding meaning.

Important information