Privacy and security

Download a PDF version.

  • What's Virgin Money's Privacy Policy all about?

    This policy sets out how Virgin Money handles your personal information and explains the measures we have taken to make sure we abide by the Privacy Act 1988 (Cth), (Privacy Act) which includes the Australian Privacy Principles.

    It also aims to answer all the questions you might have about how we collect, hold, use and disclose your personal information.

    For the purposes of this Privacy Policy, “Virgin Money’’ or “we” means Virgin Money Australia, a division of Bank of Queensland Limited (ABN 32 009 656 740) and each of its related bodies corporate, including Virgin Money (Australia) Pty Limited ABN 75 103 478 897 and Virgin Money Financial Services Pty Ltd (ABN 51 113 285 395).  Virgin Group Companies means businesses that are part of the Virgin family.

    We may, in connection with particular services offer or provide to you, make other privacy disclosures to you or seek your authority to use your personal information in ways which are different from or more specific than those stated in this Privacy Policy. In the event of any inconsistency between the provisions of this Privacy Policy and those other disclosures, the other disclosures will apply.

    These principles may not apply to certain records and practices relating to the employment relationship between us and our employees or to certain disclosures between related bodies corporate.

    It is important that you read and understand this Privacy Policy.

  • What is 'personal information'?

    “Personal information” is information or an opinion about a reasonably identifiable individual. The types of personal information that we collect and hold include the information you give us when you make an enquiry, register as a customer or apply for a product, including your contact details and general demographic and financial information.

    We also collect and hold information about how you use our products and consume our services, including transaction and payment information, and details of any contact you have with our staff. We may also collect information regarding your internet activity (including your location) when you use our website, mobile app or online services.

  • Why do we collect personal information?

    As a general rule, the collection, holding and use of your personal information will be necessary for us to provide you with particular services. This includes:

    • assess your application for our products and services
    • managing your account
    • sending you statements and other information
    • you know about features, rewards or offers you may be eligible to receive
    • responding to your questions
    • solving your problems
    • knowing what type of services are likely to be useful to you
    • verifying your identity
    • minimise risks and identify or investigate fraud, possible money laundering or terrorism financing activities or other illegal activities
    • to comply with laws and assist government or law enforcement agencies
    • develop a better understanding of your needs using information we have about you or our other customers (transaction information), data from other sources such as third party websites or the Australian Bureau of Statistics. 

    If you don’t provide us with your personal information or otherwise authorise us to collect this information from third parties, we may not be able to provide you with one or more of our services.

    We may also use and exchange your information for other reasons where the law allows or requires us to do so.

  • Is any of the information we collect required by law?

    Yes, we may also collect your personal information to comply with legislative and regulatory requirements including, but not limited to, those imposed by the:

    • Superannuation Industry (Supervision) Act 1993
    • Superannuation Guarantee (Administration) Act 1992
    • Insurance Contracts Act 1986
    • Corporations Act 2001
    • National Consumer Credit Protection Act 2009
    • Anti-Money Laundering and Counter -Terrorism Financing Act 2006
  • Do you ever send me advertising materials?

    From time to time, we may also use your personal information to let you know about other products and services from Virgin Money that you might be interested in. We might also want to let you know about products and services from Virgin Group Companies, partners, merchants and other companies.

  • What if I don't want to receive advertising materials?

    That’s fine. Just let us know by calling us on 13 81 51, email us at or change your marketing preferences via the Virgin Money App.

    If you apply for any Virgin Money products and your application is declined, we may keep your details on file to let you know about future Virgin Money products.

  • How do we collect personal information?

    We will ordinarily collect any information about you directly from you or where it is provided to us with your authority. For example, we collect personal information directly from you through forms you fill out when applying for our products and services, when you make a claim under an insurance policy or through your ongoing interaction with us.

    When you call us on the telephone, we may monitor and in some cases record the telephone conversation for staff training and record-keeping purposes. Further, when we communicate with you by email, we may use technology to identify you so that we will be in a position to know when you have opened the email or clicked on a link in the email.

    When you use the Virgin Money App we may collect information about and/or monitor your activities, transactions, location, and behaviours.

    From time to time we may receive information that we have not asked for about you from third parties. We will only keep, use and disclose this information as permitted by law.

    Further, if personal information about you is collected by third parties on any website you have accessed through our websites or mobile app, we may also collect or have access to that information as part of our arrangement with those third parties.

    We may also collect basic personal information about third parties (e.g. an employer or a health provider) if provided by an applicant or claimant.

  • Online links to Third Party and Co-Branded sites?

    Virgin Money may establish relationships with business partners that allow visitors to our website or the Virgin Money App, to link directly to sites operated by these partners. Some of these sites may be ‘’co-branded” with our logo; however, these sites may not be operated or maintained by or on our behalf. These sites may collect personal information from you that may be shared with us. This Privacy Policy will apply to any personal information we obtain in this manner.

    Despite this, we are not responsible for the content or practices of websites operated by third parties that are linked to our website. These links are meant for the user’s convenience only. Links to third party sites do not constitute sponsorship, endorsement or approval by us of the content, policies or practices of those third party sites. Once you have left our website via such a link, you should check the applicable privacy policy of the third party site.

  • Do we use cookies on our website?

    Our website is designed to make it easy for you to find out about our products, to apply for them and to manage your money. To do this we use cookies, which are pieces of information that a website transfers to your computer’s memory or hard disk for record keeping purposes.

    Cookies can help us make your experience of the website more relevant, and they can also help us learn about how people use our website (and therefore help make it better).

    Certain sections within the Virgin Money App may also use cookies to manage our rewards hub.

    Most web browsers are set to accept cookies, but you can always change your computer settings to stop them. If you choose to do that, you may not be able to take full advantage of our online services.

  • How do we store personal information?

    We store your personal information in a number of ways including:

    • on secure servers including on cloud based services;
    • in electronic systems and devices;
    • in telephone recordings:
    • in paper files; and
    • document retention services off-site.

    This may include storage on our behalf by third party service providers. See our comments below about how we protect your information.

  • Why do we exchange personal information with third parties?

    We may sometimes exchange your personal information with other companies to deliver our products or services to you which may include dealing with complaints or marketing our own products.

    The types of organisations to which we may disclose this information include other financial services companies, loyalty or rewards providers that we partner with to provide our products and services, regulatory bodies and government agencies, courts and external dispute resolution schemes, your agents, including brokers or financial advisers, our agents, contractors and professional advisers who assist us in providing our services, your referees and guarantors, your or our insurers, and organisations that carry out functions on our behalf including mailing houses, data processors, researchers and analysts, system developers or testers, accountants, auditors and lawyers. While we share your information with them, these partners are not able to disclose it to others or use it for purposes other than the delivery of Virgin Money products and services unless you have provided consent.

    We may also disclose your personal information to third parties where you request us to or consent to us doing so or in order to fulfill our legal obligations. The information we provide to other organisations will be limited to what is required to provide the service or comply with the law. We don’t give your personal information to other companies for any other purposes not mentioned above e.g. marketing non Virgin Money products and services.

  • Exchange of information within the group

    We may also exchange information between members of the Bank of Queensland Group of Companies, including Virgin Money (Australia) Pty Limited and Virgin Money Financial Services Pty Ltd.

  • Exchange of information with overseas parties

    Some of the parties with which we exchange your personal information, including our partners, service providers and other third parties listed above, may be located outside Australia in countries including New Zealand, Thailand, China, Philippines, India, Singapore, the United States of America, United Kingdom, Spain, Israel and The Netherlands. When we do disclose and/or store personal information overseas, we protect that information with various security measures and contractual safeguards.  

  • Access and correction to your personal information

    We take reasonable steps to ensure that your personal information is accurate, complete and up-to-date.

    You may request access to the information we hold about you at any time by calling our Privacy Officer on 13 81 51 or emailing us at

    Under certain circumstances, we may not tell you what personal information we hold about you or allow you to access that information, for example where the information relates to legal proceedings with you or where we are prevented by law from disclosing the information, or providing access would prejudice certain investigations. If one of the exceptions applies, we will consider whether the use of an intermediary is appropriate and would allow sufficient access to meet the needs of both parties. Where we do grant access to your information, we may charge you a fee for accessing your personal information.

    Under the Privacy Act, you also have a right to request that we correct information that you believe to be inaccurate, out of date, incomplete, irrelevant or misleading. If at any time you believe that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please advise us by calling our Privacy Officer on 13 81 51 or emailing us at and we will take all reasonable steps to correct the information. You can ask us to associate with the information held, a statement from you claiming that the information is not correct.

    If there is a denial of access to your personal information or a dispute as to the correctness of any personal information held, we will provide you with reasons for the denial or its refusal to correct the personal information. If you disagree with our decision for the denial or refusal to correct the personal information, you may request that we review the decision via our complaints handling procedures which are outlined below.

  • Dealing with us anonymously or using a fake name

    We will generally need to know who you are in order to provide you with our products and services.

    Despite this, in some circumstances you are entitled to deal with us anonymously, or by using a pseudonym (fake name), for example when making general enquiries about the services we offer

    In some circumstances, you may receive a better service or response if we know who you are.  For example, we can keep you up-to-date and better understand a complaint you might have if we know who you are and the circumstances of your complaint.

    You must tell us when you are using a pseudonym when applying for our services. If we need to identify you, we will tell you whether or not your real name is required to access those services.

  • What happens if our Privacy Policy changes in future?

    This statement sets out our current Privacy Policy. It replaces any of our other Privacy Policies which have been issued before the date of this Privacy Policy.

    We listen to the feedback our customers give us, and also what the broader public has to say about what we do. This informs how we develop new products and services, and also new ways of working. Because of this, our Privacy Policy may need to change from time to time. If it does, we'll notify you by publishing the new version on our website at

    We encourage you to periodically review our Privacy Policy for any changes.

  • Contacting us

    We take privacy concerns seriously, and we’ll work to address any problems we become aware of. If you have any further questions or concerns about the way we manage your personal information, including if you think we have breached the Australian Privacy Principles, please call our Privacy Officer on 13 81 51 or email us at Virgin Money Australia, a division of Bank of Queensland Limited ABN 32 009 656 740 Australian Credit Licence/AFSL 244616.

  • How will a complaint be handled?

    If you have a problem, complaint or dispute

    Our Service commitment

    At Virgin Money we are committed to providing our customers with innovative banking solutions and the best customer service experience. 

    Resolution of problems is a priority for us. If at any time our service does not meet your expectations we would like you to let us know.

    How to contact us

    If you have a complaint, there are a number of ways to contact us:

    How will your complaint be handled?

    If we cannot solve your problem on the spot, we will let you know who is handling your complaint and how long it is likely to take for it to be resolved.

    For further information about how we handle complaints, ask our friendly staff or download a copy of our Complaint Guide available on our website.

    What to do if you feel your complaint has not been resolved

    If you're unhappy with our response you can approach the Australian Financial Complaints Authority (AFCA). AFCA provides a free and independent complaint resolution service for financial services. To contact them you can:

    • Call: 1800 931 678 (free call)
    • Email:
    • Website:
    • Write to: GPO Box 3, Melbourne VIC 3001

    You may also elect to contact the Office of the Australian Information Commissioner (OAIC) if you have a complaint about the way we handle your personal information at:

    Office of the Australian Information Commissioner
    GPO Box 5218
    Sydney NSW 2001
    Call: 1300 363 992

  • How do we protect personal information?

    We take all reasonable steps to protect your personal information from misuse, loss and unauthorised access, modification or disclosure. These include:

    • using appropriate information technology and processes;
    • restricting access to your personal information to our employees and those who perform services for us who need your personal information to do what we have engaged them to do;
    • protecting paper documents from unauthorised access or use through security systems we deploy over our physical premises;
    • using computer and network security systems with appropriate firewalls, encryption technology and passwords for the protection of electronic files; and
    • requesting certain personal information from you when you wish to discuss any issues relating to the products and services we provide to you.

    Whilst we take reasonable measures, no data transmission over the Internet can be guaranteed as fully secure and accordingly, we cannot guarantee or warrant the security of any information you send to us using our online forms or products. You submit information over the Internet at your own risk.

    If we no longer require your personal information, we will take reasonable steps to destroy or de-identify it unless we are required to keep it by law.

    We train our staff to respect your privacy and keep your information confidential, and we ask the same standards of our service providers.

  • Are your online transactions secure?

    We ensure your protection with Transport Layer Security (TLS) which secures communications between your web browser and the server by encrypting your data, converting it from plaintext to cipher text making the data unreadable to prevent anyone from reading or changing it.

    Transport Layer Security (TLS) does this by:

    Server authentication

    Communications between your browser and the web server are encrypted to secure transmitted data. The web server sends a digital certificate to your device computer so that you can be sure of its identity (and know that the connection transaction is protected and secure - you‘ll see a lock symbol on the top left bottom right of the browser window).

    Client authentication

    Your device computer authenticates itself to the server by showing its digital signature.


    When you log into our websites or applications, we encrypt data sent from your device to our systems so that no one else can decipher it.  We have a number of other ‘defence in depth’ systems to prevent unauthorised people from accessing your information.

    See our comments above regarding the websites of third parties including those that are linked to our website.