Privacy and security
Download a PDF version.
This policy sets out how Virgin Money handles your personal information and explains the measures we have taken to make sure we abide by the Privacy Act 1988 (Cth), (Privacy Act) which includes the Australian Privacy Principles.
It also aims to answer all the questions you might have about how we collect, hold, use and disclose your personal information.
These principles may not apply to certain records and practices relating to the employment relationship between us and our employees or to certain disclosures between related bodies corporate.
What is 'personal information'?
“Personal information” is information or an opinion about a reasonably identifiable individual. The types of personal information that we collect and hold include the information you give us when you make an enquiry, register as a customer or apply for a product, including your contact details and general demographic and financial information.
We also collect and hold information about how you use our products and consume our services, including transaction and payment information, and details of any contact you have with our staff. We may also collect information regarding your internet activity (including your location) when you use our website, mobile app or online services.
Why do we collect personal information?
As a general rule, the collection, holding and use of your personal information will be necessary for us to provide you with particular services. This includes:
- assess your application for our products and services
- managing your account
- sending you statements and other information
- you know about features, rewards or offers you may be eligible to receive
- responding to your questions
- solving your problems
- knowing what type of services are likely to be useful to you
- verifying your identity
- minimise risks and identify or investigate fraud, possible money laundering or terrorism financing activities or other illegal activities
- to comply with laws and assist government or law enforcement agencies
- develop a better understanding of your needs using information we have about you or our other customers (transaction information), data from other sources such as third party websites or the Australian Bureau of Statistics.
If you don’t provide us with your personal information or otherwise authorise us to collect this information from third parties, we may not be able to provide you with one or more of our services.
We may also use and exchange your information for other reasons where the law allows or requires us to do so.
Is any of the information we collect required by law?
Yes, we may also collect your personal information to comply with legislative and regulatory requirements including, but not limited to, those imposed by the:
- Superannuation Industry (Supervision) Act 1993
- Superannuation Guarantee (Administration) Act 1992
- Insurance Contracts Act 1986
- Corporations Act 2001
- National Consumer Credit Protection Act 2009
- Anti-Money Laundering and Counter -Terrorism Financing Act 2006
Do you ever send me advertising materials?
From time to time, we may also use your personal information to let you know about other products and services from Virgin Money that you might be interested in. We might also want to let you know about products and services from Virgin Group Companies, partners, merchants and other companies.
What if I don't want to receive advertising materials?
If you apply for any Virgin Money products and your application is declined, we may keep your details on file to let you know about future Virgin Money products.
How do we collect personal information?
We will ordinarily collect any information about you directly from you or where it is provided to us with your authority. For example, we collect personal information directly from you through forms you fill out when applying for our products and services, when you make a claim under an insurance policy or through your ongoing interaction with us.
When you call us on the telephone, we may monitor and in some cases record the telephone conversation for staff training and record-keeping purposes. Further, when we communicate with you by email, we may use technology to identify you so that we will be in a position to know when you have opened the email or clicked on a link in the email.
When you use the Virgin Money App we may collect information about and/or monitor your activities, transactions, location, and behaviours.
From time to time we may receive information that we have not asked for about you from third parties. We will only keep, use and disclose this information as permitted by law.
Further, if personal information about you is collected by third parties on any website you have accessed through our websites or mobile app, we may also collect or have access to that information as part of our arrangement with those third parties.
We may also collect basic personal information about third parties (e.g. an employer or a health provider) if provided by an applicant or claimant.
- Online links to Third Party and Co-Branded sites?
How do we store personal information?
We store your personal information in a number of ways including:
- on secure servers including on cloud based services;
- in electronic systems and devices;
- in telephone recordings:
- in paper files; and
- document retention services off-site.
This may include storage on our behalf by third party service providers. See our comments below about how we protect your information.
Why do we exchange personal information with third parties?
We may sometimes exchange your personal information with other companies to deliver our products or services to you which may include marketing our own products.
The types of organisations to which we may disclose this information include other financial services companies, loyalty or rewards providers that we partner with to provide our products and services, regulatory bodies and government agencies, courts and external dispute resolution schemes, your agents, including brokers or financial advisers, our agents, contractors and professional advisers who assist us in providing our services, your referees and guarantors, your or our insurers, and organisations that carry out functions on our behalf including mailing houses, data processors, researchers and analysts, system developers or testers, accountants, auditors and lawyers. While we share your information with them, these partners are not able to disclose it to others or use it for purposes other than the delivery of Virgin Money products and services unless you have provided consent.
We may also disclose your personal information to third parties where you request us to or consent to us doing so or in order to fulfill our legal obligations. The information we provide to other organisations will be limited to what is required to provide the service or comply with the law. We don’t give your personal information to other companies for any other purposes not mentioned above e.g. marketing non Virgin Money products and services.
Exchange of information within the group
We may also exchange information between members of the Bank of Queensland Group of Companies, including Virgin Money (Australia) Pty Limited and Virgin Money Financial Services Pty Ltd.
Exchange of information with overseas parties
Some of the parties with which we exchange your personal information, including our partners, service providers and other third parties listed above, may be located outside Australia in countries including New Zealand, Thailand, China, Philippines, India, Singapore, the United States of America, United Kingdom, Spain, Israel and The Netherlands. When we do disclose and/or store personal information overseas, we protect that information with various security measures and contractual safeguards.
Access and correction to your personal information
We take reasonable steps to ensure that your personal information is accurate, complete and up-to-date.
Under certain circumstances, we may not tell you what personal information we hold about you or allow you to access that information, for example where the information relates to legal proceedings with you or where we are prevented by law from disclosing the information, or providing access would prejudice certain investigations. If one of the exceptions applies, we will consider whether the use of an intermediary is appropriate and would allow sufficient access to meet the needs of both parties. Where we do grant access to your information, we may charge you a fee for accessing your personal information.
Under the Privacy Act, you also have a right to request that we correct information that you believe to be inaccurate, out of date, incomplete, irrelevant or misleading. If at any time you believe that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please advise us by calling our Privacy Officer on +61 2 8222 8000 or emailing us at firstname.lastname@example.org and we will take all reasonable steps to correct the information. You can ask us to associate with the information held, a statement from you claiming that the information is not correct.
If there is a denial of access to your personal information or a dispute as to the correctness of any personal information held, we will provide you with reasons for the denial or its refusal to correct the personal information. If you disagree with our decision for the denial or refusal to correct the personal information, you may request that we review the decision via our complaints handling procedures which are outlined below.
Dealing with us anonymously or using a fake name
We will generally need to know who you are in order to provide you with our products and services.
Despite this, in some circumstances you are entitled to deal with us anonymously, or by using a pseudonym (fake name), for example when making general enquiries about the services we offer
In some circumstances, you may receive a better service or response if we know who you are. For example, we can keep you up-to-date and better understand a complaint you might have if we know who you are and the circumstances of your complaint.
You must tell us when you are using a pseudonym when applying for our services. If we need to identify you, we will tell you whether or not your real name is required to access those services.
We take privacy concerns seriously, and we’ll work to address any problems we become aware of. If you have any further questions or concerns about the way we manage your personal information, including if you think we have breached the Australian Privacy Principles, please call our Privacy Officer on +61 2 8222 8000 or email us at email@example.com. Virgin Money Australia, a division of Bank of Queensland Limited ABN 32 009 656 740 Australian Credit Licence/AFSL 244616,
How will a complaint be handled?
We absolutely, positively cannot bear the thought of any of our customers not being completely happy with what we do. So if you do have any complaints, you can be sure they’ll be dealt with as fast as possible.
We are committed to resolving your complaint internally and as quickly as possible. We aim to respond to all complaints within 5 business days, however timeframes may be longer depending on the nature of the complaint.
We have also appointed a dedicated Customer Advocate who operates independently from our business operations and complaints resolution process. You may contact our Customer Advocate at firstname.lastname@example.org or by contacting in writing to:
Virgin Money Customer Advocate
PO Box 898
Brisbane QLD 4001
If your concerns have not been reviewed by our Customer Relations team, the Customer Advocate may refer your complaint to that team in the first instance.
If your complaint is not resolved to your satisfaction through the internal procedures outlined above, you may elect to refer your complaint to external dispute resolution to the Australian Financial Complaints Authority (AFCA) this is a free service.
Australian Financial Complaints Authority
GPO Box 3
Melbourne VIC 3001
Phone: 1800 931 678 (free call)
Email: email@example.com Website: www.afca.org.au
You may also elect to contact the Office of the Australian Information Commissioner (OAIC) if you have a complaint about the way we handle your personal information at:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
How do we protect personal information?
We take all reasonable steps to protect your personal information from misuse, loss and unauthorised access, modification or disclosure. These include:
- using appropriate information technology and processes;
- restricting access to your personal information to our employees and those who perform services for us who need your personal information to do what we have engaged them to do;
- protecting paper documents from unauthorised access or use through security systems we deploy over our physical premises;
- using computer and network security systems with appropriate firewalls, encryption technology and passwords for the protection of electronic files; and
- requesting certain personal information from you when you wish to discuss any issues relating to the products and services we provide to you.
Whilst we take reasonable measures, no data transmission over the Internet can be guaranteed as fully secure and accordingly, we cannot guarantee or warrant the security of any information you send to us using our online forms or products. You submit information over the Internet at your own risk.
If we no longer require your personal information, we will take reasonable steps to destroy or de-identify it unless we are required to keep it by law.
We train our staff to respect your privacy and keep your information confidential, and we ask the same standards of our service providers.
Are your online transactions secure?
We ensure your protection with Transport Layer Security (TLS) which secures communications between your web browser and the server by encrypting your data, converting it from plaintext to cipher text making the data unreadable to prevent anyone from reading or changing it.
Transport Layer Security (TLS) does this by:
Communications between your browser and the web server are encrypted to secure transmitted data. The web server sends a digital certificate to your device computer so that you can be sure of its identity (and know that the connection transaction is protected and secure - you‘ll see a lock symbol on the top left bottom right of the browser window).
Your device computer authenticates itself to the server by showing its digital signature.
When you log into our websites or applications, we encrypt data sent from your device to our systems so that no one else can decipher it. We have a number of other ‘defense in depth’ systems to prevent unauthorised people from accessing your information.
See our comments above regarding the websites of third parties including those that are linked to our website.