Privacy and security
Download a PDF version.
This policy sets out how Virgin Money handles your personal information and explains the measures we have taken to make sure we abide by the Privacy Act 1988 (Cth), (Privacy Act) which includes the Australian Privacy Principles.
It also aims to answer all the questions you might have about how we collect, hold, use and disclose your personal information.
These principles may not apply to certain records and practices relating to the employment relationship between us and our employees or to certain disclosures between related bodies corporate.
What is 'personal information'?
"Personal information" is information or an opinion about a reasonably identifiable individual. The types of personal information that we collect include the information you give us when you make an enquiry, register as a customer or apply for a product, including your contact details and general demographic and financial information.
We also collect information about how you use our products, including transaction and payment information, and details of any contact you have with our staff. We may also collect information regarding your internet activity (including your location) when you use our website or online services.
Why do we collect personal information?
As a general rule, the collection, holding and use of your personal information will be necessary for us to provide you with particular services. This includes:
- managing your account
- sending you statements and other information
- letting you know about features of any rewards programs that may be part of your product
- responding to your questions
- solving your problems
- knowing what sorts of services are likely to be useful to you
- verifying your identity
- develop a better understanding of your needs.
Is any of the information we collect required by law?
Yes, we may also collect your personal information to comply with legislative and regulatory requirements including, but not limited to, those imposed by the:
- Superannuation Industry (Supervision) Act 1993
- Superannuation Guarantee (Administration) Act 1992
- Insurance Contracts Act 1986
- Corporations Act 2001
- National Consumer Credit Protection Act 2009
- Anti-Money Laundering and Counter –Terrorism Financing Act 2006
Do you ever send me advertising materials?
From time to time, we may also use your personal information to let you know about other products and services from Virgin Money that you might be interested in. We might also want to let you know about products and services from Virgin Group Companies, partners and other companies.
What if I don't want to receive advertising materials?
If you apply for any Virgin Money products and your application is declined, we may keep your details on file to let you know about future Virgin Money products.
How do we collect personal information?
We will ordinarily collect any information about you directly from you or where it is provided to us with your authority. For example, we collect personal information directly from you through forms you fill out when applying for our products and services, when you make a claim under an insurance policy or through your ongoing interaction with us.
When you call us on the telephone, we may monitor and in some cases record the telephone conversation for staff training and record-keeping purposes. Further, when we communicate with you by email, we may use technology to identify you so that we will be in a position to know when you have opened the email or clicked on a link in the email.
From time to time we may receive information that we have not asked for about you from third parties. We will only keep, use and disclose this information as permitted by law.
Further, if personal information about you is collected by third parties on any website you have accessed through our websites, we may also collect or have access to that information as part of our arrangement with those third parties.
We may also collect basic personal information about third parties (e.g. an employer or a health provider) if provided by an applicant or claimant.
- Online links to Third Party and Co-Branded sites?
How do we store personal information?
We store your personal information in a number of ways including:
- on secure servers;
- in electronic systems and devices;
- in telephone recordings;
- in paper files; and
- document retention services off-site.
This may include storage on our behalf by third party service providers. See our comments below about how we protect your information.
Why do we exchange personal information with third parties?
We may sometimes exchange your personal information with other companies to deliver our products or services to you which may include marketing our own products.
The types of organisations to which we may disclose this information include other financial services companies that we partner with to provide our products and services, regulatory bodies and government agencies, courts and external dispute resolution schemes, your agents, including brokers or financial advisers, our agents, contractors and professional advisers who assist us in providing our services, your referees and guarantors, your or our insurers, and organisations that carry out functions on our behalf including mailing houses, data processors, researchers, system developers or testers, accountants, auditors and lawyers.. While we share your information with them, these partners are not able to disclose it to others or use it for purposes other than the delivery of Virgin Money products and services unless you have provided consent.
We may also disclose your personal information to third parties where you request us to or consent to us doing so or in order to fulfill our legal obligations. The information we provide to other organisations will be limited to what is required to provide the service or comply with the law. We don't give your personal information to other companies for any other purposes not mentioned above. e.g. marketing non Virgin Money products and services.
Exchange of information within the group
We may also exchange information between members of the Virgin Money group including Virgin Money (Australia) Pty Ltd, Virgin Money Financial Services Pty Ltd, Virgin Money Home Loans Pty Ltd and our parent company Bank of Queensland Limited.
Exchange of information with overseas parties
Some of the parties with which we exchange your personal information, including our partners, service providers and other third parties listed above, may be located outside Australia in countries including New Zealand, Philippines, India, Singapore, the United States of America, United Kingdom, Spain and Israel.
Access and correction to your personal information
We take reasonable steps to ensure that your personal information is accurate, complete and up-to-date.
Under certain circumstances, we may not tell you what personal information we hold about you or allow you to access that information, for example where the information relates to legal proceedings with you or where we are prevented by law from disclosing the information, or providing access would prejudice certain investigations. If one of the exceptions applies, we will consider whether the use of an intermediary is appropriate and would allow sufficient access to meet the needs of both parties. Where we do grant access to your information, we may charge you a fee for accessing your personal information.
Under the Privacy Act, you also have a right to request that we correct information that you believe to be inaccurate, out of date, incomplete, irrelevant or misleading. If at any time you believe that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please advise us by calling our Privacy Officer on +61 2 8222 8000 or emailing us at firstname.lastname@example.org and we will take all reasonable steps to correct the information. You can ask us to associate with the information held, a statement from you claiming that the information is not correct.
If there is a denial of access to your personal information or a dispute as to the correctness of any personal information held, we will provide you with reasons for the denial or its refusal to correct the personal information. If you disagree with our decision for the denial or refusal to correct the personal information, you may request that we review the decision via our complaints handling procedures which are outlined below.
Dealing with us anonymously or using a fake name
We will generally need to know who you are in order to provide you with our products and services.
Despite this, in some circumstances you are entitled to deal with us anonymously, or by using a pseudonym (fake name), for example when making general enquiries about the services we offer
In some circumstances, you may receive a better service or response if we know who you are. For example, we can keep you up-to-date and better understand a complaint you might have if we know who you are and the circumstances of your complaint.
You must tell us when you are using a pseudonym when applying for our services. If we need to identify you, we will tell you whether or not your real name is required to access those services.
We take privacy concerns seriously, and we'll work to address any problems we become aware of. If you have any further questions or concerns about the way we manage your personal information, including if you think we have breached the Australian Privacy Principles, please call our Privacy Officer on +61 2 8222 8000 or email us at email@example.com.
How will a complaint be handled?
We absolutely, positively cannot bear the thought of any of our customers not being completely happy with what we do. So if you do have any complaints, you can be sure they’ll be dealt with as fast as possible.
We are committed to resolving your complaint internally and as quickly as possible. We aim to respond to all complaints within 5 business days, however timeframes may be longer depending on the nature of the complaint.
If your complaint is not resolved to your satisfaction through the internal procedures outlined above, you may elect to refer your complaint to an external dispute resolution the Australian Financial Complaints Authority (AFCA) this is a free service.
You may also elect to contact the Office of the Australian Information Commissioner (OAIC) if you have a complaint about the way we handle your personal information at:
How do we protect personal information?
We take all reasonable steps to protect your personal information from misuse, loss and unauthorised access, modification or disclosure. These include:
- using appropriate information technology and processes;
- restricting access to your personal information to our employees and those who perform services for us who need your personal information to do what we have engaged them to do;
- protecting paper documents from unauthorised access or use through security systems we deploy over our physical premises;
- using computer and network security systems with appropriate firewalls, encryption technology and passwords for the protection of electronic files; and
- requesting certain personal information from you when you wish to discuss any issues relating to the products and services we provide to you.
Whilst we take reasonable measures, no data transmission over the Internet can be guaranteed as fully secure and accordingly, we cannot guarantee or warrant the security of any information you send to us using our online forms or products. You submit information over the Internet at your own risk.
If we no longer require your personal information, we will take reasonable steps to destroy or de-identify it unless we are required to keep it by law.
We train our staff to respect your privacy and keep your information confidential, and we ask the same standards of our service providers.
Are your online transactions secure?
We ensure your protection with a Secure Socket Layer (SSL), which scrambles your data to make it unreadable by third parties. It does this by:
The web server sends a digital certificate to your computer so that you can be sure of its identity (and know that the transaction is protected - you'll see a lock symbol on the bottom right of the browser window).
Your computer authenticates itself to the server by showing its digital signature.
During the internet connection, data that's transferred from your computer to the server is scrambled, so that only your computer and the server can understand the contents of the transaction. This prevents other internet users from intercepting the information sent.
See our comments above regarding the websites of third parties including those that are linked to our website.